5 ip arp inspection validate – CANOGA PERKINS 9175 Command Reference User Manual

CanogaOS Command Reference

34-4

make the interfaces untrusted, use the no form of this command.

Command Syntax

ip arp inspection trust

no ip arp inspection trust

Default

None

Command Mode

Interface configuration

Usage

Examples

This example shows how to configure an interface to be trusted:

Switch# config terminal

Switch(config)# interface eth-0-1

Switch(config-if)# ip arp inspection trust

Switch(config-if)# end

To verify the configuration, use the show form of this command:

Switch# show ip arp inspection interfaces eth-0-1

Interface Trust State Rate (pps) Burst Interval

=================================================================

eth-0-1 trusted 15 1

Switch#

Related Commands

show ip arp inspection

34.5 ip arp inspection validate

To perform specific checks for ARP inspection, use the ip arp inspection validate command in global

configuration mode. To disable checks, use the no form of this command.

Command Syntax

ip arp inspection validate [src-mac] [dst-mac] [ip]

no ip arp inspection validate [src-mac] [dst-mac] [ip]

src-mac

(Optional) Checks the source MAC address in the Ethernet header against the

sender’s MAC address in the ARP body. This checking is done against both ARP

requests and responses.

Note When

src-mac is enabled, packets with different MAC addresses are

classified as invalid and are dropped.