Ip Arp Inspection Limit - D-Link DXS-3600 Series Reference Manual
Dxs-3600 series layer 2/3 managed 10gigabit ethernet switch
Hide thumbs
Also See for DXS-3600 Series:
- Cli reference manual (1456 pages) ,
- Reference manual (680 pages) ,
- Hardware installation manual (55 pages)
Table of Contents
Advertisement
DXS-3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide
Parameters
ARP-ACL-NAME
vlan VLAN-ID
,
-
static
Default
None.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
Use this command to specify an ARP access list to be used for ARP inspection checks for the VLAN. Up
to one access list can be specified for a VLAN.
The dynamic ARP inspection checks the ARP packets received on the VLAN to verify that the binding
pair of the source IP and source MAC address of the packet is valid. The validation process will match the
address binging against the entries of the DHCP snooping database. If the command is configured, the
validation process will match the address binging against the access list entries and the DHCP snooping
database.
ARP ACLs take precedence over entries in the DHCP snooping binding database. If the packet is
explicitly denied by the access control list, the packet is dropped. If the packet is denied due to the implicit
deny, the packet will be further matched against the DHCP snooping binding entries if the keyword "static"
is not specified. The implicit denied packet is dropped if the keyword "static" is specified.
Example
This example shows how to apply the ARP ACL static ARP list to VLAN 10 for DAI.
Switch# configure terminal
Switch(config)# ip arp inspection filter static-arp-list vlan 10
Switch(config)#
33-5 ip arp inspection limit
This command is used to limit the rate of incoming ARP requests and responses on an interface. Use the
no form of the command to return to the default settings.
ip arp inspection limit {rate VALUE [burst interval SECONDS] | none}
no ip arp inspection limit
Parameters
Specifies the access control list name with a maximum of 32
characters.
Specifies the VLAN associated with the ARP access list.
(Optional) Specifies a series of interfaces, or separate a range of
interfaces from a previous range. No space is allowed before and after
the comma.
(Optional) Specifies a range of interfaces. No space is allowed before
and after the hyphen.
(Optional) Specifies to drop the packet if the IP-to-Ethernet MAC
binding pair is not permitted by the ARP ACL.
440
Advertisement
Table of Contents
