Ip arp inspection – LevelOne GTL-2691 User Manual
Page 961
C
HAPTER
29
| General Security Measures
ARP Inspection
– 961 –
ip arp inspection
This command enables ARP Inspection globally on the switch. Use the no
form to disable this function.
S
YNTAX
[no] ip arp inspection
D
EFAULT
S
ETTING
Disabled
C
OMMAND
M
ODE
Global Configuration
C
OMMAND
U
SAGE
◆
When ARP Inspection is enabled globally with this command, it
becomes active only on those VLANs where it has been enabled with
the
command.
◆
When ARP Inspection is enabled globally and enabled on selected
VLANs, all ARP request and reply packets on those VLANs are
redirected to the CPU and their switching is handled by the ARP
Inspection engine.
◆
When ARP Inspection is disabled globally, it becomes inactive for all
VLANs, including those where ARP Inspection is enabled.
◆
When ARP Inspection is disabled, all ARP request and reply packets
bypass the ARP Inspection engine and their manner of switching
matches that of all other packets.
◆
Disabling and then re-enabling global ARP Inspection will not affect the
ARP Inspection configuration for any VLANs.
Sets a rate limit for the ARP packets received on a
port
IC
Sets a port as trusted, and thus exempted from ARP
Inspection
IC
Displays the global configuration settings for ARP
Inspection
PE
Shows the trust status and inspection rate limit for
ports
PE
Shows information about entries stored in the log,
including the associated VLAN, port, and address
components
PE
Shows statistics about the number of ARP packets
processed, or dropped for various reasons
PE
Shows configuration setting for VLANs, including ARP
Inspection status, the ARP ACL name, and if the
DHCP Snooping database is used after ACL validation
is completed
PE
Table 91: ARP Inspection Commands (Continued)
Command
Function
Mode