Table of Contents
Advertisement
| General Security Measures
C
26
HAPTER
ARP Inspection
ip arp inspection
Table 89: ARP Inspection Commands (Continued)
Command
show ip arp inspection
statistics
show ip arp inspection vlan
This command enables ARP Inspection globally on the switch. Use the no
form to disable this function.
S
YNTAX
[no] ip arp inspection
D
S
EFAULT
ETTING
Disabled
C
M
OMMAND
ODE
Global Configuration
C
U
OMMAND
SAGE
When ARP Inspection is enabled globally with this command, it
◆
becomes active only on those VLANs where it has been enabled with
the
ip arp inspection vlan
◆
When ARP Inspection is enabled globally and enabled on selected
VLANs, all ARP request and reply packets on those VLANs are
redirected to the CPU and their switching is handled by the ARP
Inspection engine.
When ARP Inspection is disabled globally, it becomes inactive for all
◆
VLANs, including those where ARP Inspection is enabled.
◆
When ARP Inspection is disabled, all ARP request and reply packets
bypass the ARP Inspection engine and their manner of switching
matches that of all other packets.
Disabling and then re-enabling global ARP Inspection will not affect the
◆
ARP Inspection configuration for any VLANs.
When ARP Inspection is disabled globally, it is still possible to configure
◆
ARP Inspection for individual VLANs. These configuration changes will
only become active after ARP Inspection is globally enabled again.
E
XAMPLE
Console(config)#ip arp inspection
Console(config)#
– 784 –
Function
Shows statistics about the number of ARP packets
processed, or dropped for various reasons
Shows configuration setting for VLANs, including ARP
Inspection status, the ARP ACL name, and if the
DHCP Snooping database is used after ACL validation
is completed
command.
Mode
PE
PE
Advertisement
Table of Contents
Troubleshooting
