Ip Arp Inspection Filter Vlan - Cisco Catalyst 4500 Series Command Reference Manual
Cisco ios command reference
Hide thumbs
Also See for Catalyst 4500 Series:
- Software configuration manual (2086 pages) ,
- Administration manual (1814 pages) ,
- Configuration manual (1610 pages)
Table of Contents
Advertisement
ip arp inspection filter vlan
ip arp inspection filter vlan
To permit ARPs from hosts that are configured for static IP when DAI is enabled and to define an ARP
access list and apply it to a VLAN, use the ip arp inspection filter vlan command. To disable this
application, use the no form of this command.
Syntax Description
arp-acl-name
vlan-range
static
Defaults
No defined ARP ACLs are applied to any VLAN.
Command Modes
Global configuration mode
Command History
Release
12.1(19)EW
Usage Guidelines
When an ARP access control list is applied to a VLAN for dynamic ARP inspection, the ARP packets
containing only the IP-to-Ethernet MAC bindings are compared against the ACLs. All other packet types
are bridged in the incoming VLAN without validation.
This command specifies that the incoming ARP packets are compared against the ARP access control
list, and the packets are permitted only if the access control list permits them.
If the access control lists deny the packets because of explicit denies, the packets are dropped. If the
packets are denied because of an implicit deny, they are then matched against the list of DHCP bindings
if the ACL is not applied statically.
Examples
This example shows how to apply the ARP ACL static hosts to VLAN 1 for DAI:
Switch# config terminal
Enter configuration commands, one per line.
Switch(config)# ip arp inspection filter static-hosts vlan 1
Switch(config)# end
Switch#
Switch# show ip arp inspection vlan 1
Source Mac Validation
Destination Mac Validation : Disabled
IP Address Validation
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0SG and IOS 15.1(1)SG)
2-276
ip arp inspection filter arp-acl-name vlan vlan-range [static]
no ip arp inspection filter arp-acl-name vlan vlan-range [static]
Access control list name.
VLAN number or range; valid values are from 1 to 4094.
(Optional) Specifies that the access control list should be applied statically.
Modification
Support for this command was introduced on the Catalyst 4500 series switch.
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
End with CNTL/Z.
: Enabled
: Disabled
OL-25342 -01
Advertisement
Chapters
Table of Contents
