beautypg.com

CANOGA PERKINS CanogaOS Command Reference User Manual

Page 688

background image

CanogaOS Command Line Reference

Revision 1.02

Proprietary & Confidential Canoga Pertkins Metro Ethernet Switches

Page 688 of 855


Default

No defined ARP ACLs are applied to any VLAN.


Command Mode

Global configuration


Usage

When an ARP access control list is applied to a VLAN for dynamic ARP inspection, the ARP packets
containing only the IP-to-Ethernet MAC bindings are compared against the ACLs. All other packet
types are bridged in the incoming VLAN without validation.
This command specifies that the incoming ARP packets are compared against the ARP access control
list, and the packets are permitted only if the access control list permits them.
If the access control lists deny the packets because of explicit denies, the packets are dropped. If the
packets are denied because of an implicit deny, they are then matched against the list of DHCP
bindings if the ACL is not applied statically.


Examples

This example shows how to apply the ARP ACL “static-hosts” to VLAN 1 for DAI:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip arp inspection filter static-hosts vlan 1
Switch(config)# end
Switch#
Switch# show ip arp inspection vlan 1
Source Mac Validation : Enabled
Destination Mac Validation : Disabled
IP Address Validation : Disabled
Vlan Configuration ACL Match Static ACL
=================================================================
1 enabled b

Vlan ACL Logging DHCP Logging
=================================================================
1 deny deny


Related Commands

arp access-list
show ip arp inspection

See also other documents in the category CANOGA PERKINS Computer hardware: