Ip arp inspection limit, Ip arp inspection trust – LevelOne GTL-2691 User Manual
Page 966
Chapter 29 | General Security Measures
ARP Inspection
ip arp inspection limit
This command sets a rate limit for the ARP packets received on a port. Use
the no form to restore the default setting.
SYNTAX
ip arp inspection limit {rate pps | none}
no ip arp inspection limit
pps - The maximum number of ARP packets that can be processed
by the CPU per second. (Range: 0-2048, where 0 means that no
ARP packets can be forwarded)
none - There is no limit on the number of ARP packets that can be
processed by the CPU.
DEFAULT SETTING
15
COMMAND MODE
Interface Configuration (Port)
COMMAND USAGE
◆ This command applies to both trusted and untrusted ports.
◆ When the rate of incoming ARP packets exceeds the configured limit,
the switch drops all ARP packets in excess of the limit.
EXAMPLE
Console(config)#interface ethernet 1/1
Console(config-if)#ip arp inspection limit 150
Console(config-if)#
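The drop behaviour described under Command Usage, as an added example that is not part of the LevelOne manual: a Python model that takes ARP arrival timestamps captured on one port and reports the peak rate and how many packets a given limit would drop. It assumes the switch counts packets in fixed one-second windows, which the manual does not specify; the function names and the sample data are constructed for illustration.

```python
import math
from collections import Counter

DEFAULT_LIMIT_PPS = 15  # default setting stated in this manual


def arp_drops(timestamps, limit=DEFAULT_LIMIT_PPS):
    """Return (peak_pps, dropped) for ARP arrival times (seconds) on one port.

    limit is the pps argument (0-2048), or None for the "none" keyword.
    Assumption: packets are counted in fixed one-second windows.
    The limit applies to trusted and untrusted ports alike, so trust state
    is not an input to this model.
    """
    if limit is not None and not 0 <= limit <= 2048:
        raise ValueError("pps must be in the range 0-2048")
    per_second = Counter(math.floor(t) for t in timestamps)
    peak = max(per_second.values(), default=0)
    if limit is None:  # "none": no limit on ARP packets
        return peak, 0
    # Everything above the limit in each window is dropped; 0 drops all ARP.
    dropped = sum(max(0, n - limit) for n in per_second.values())
    return peak, dropped


def suggested_limit(timestamps, headroom=1.5):
    """Lowest pps value that passes this baseline with headroom, capped at 2048."""
    peak, _ = arp_drops(timestamps, None)
    return min(2048, math.ceil(peak * headroom))


# Constructed sample: 2 ARP packets/s for 5 s, then a burst of 40 in second 5.
SAMPLE = [s + 0.5 * i for s in range(5) for i in range(2)]
SAMPLE += [5 + i / 40 for i in range(40)]

if __name__ == "__main__":
    for pps in (DEFAULT_LIMIT_PPS, 150, 0, None):
        peak, dropped = arp_drops(SAMPLE, pps)
        print(f"limit={pps}: peak={peak} pps, dropped={dropped} of {len(SAMPLE)}")
    print("suggested limit:", suggested_limit(SAMPLE))
```

Running it against timestamps from a baseline capture shows whether the default of 15 would drop legitimate bursts before the limit is tightened on an access port.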
ip arp inspection trust
This command sets a port as trusted, and thus exempted from ARP
Inspection. Use the no form to restore the default setting.
SYNTAX
[no] ip arp inspection trust
DEFAULT SETTING
Untrusted
COMMAND MODE
Interface Configuration (Port)
COMMAND USAGE
Packets arriving on untrusted ports are subject to any configured ARP
Inspection and additional validation checks. Packets arriving on trusted
ports bypass all of these checks, and are forwarded according to normal
switching rules.