By default, 15 pps (packets per second) is allowed on untrusted interfaces; however, there is no
limit on trusted interfaces. The burst interval is 1 second.
When the rate of incoming ARP packets exceeds the configured thresholds, the port is placed in the
error-disabled state. The port remains in this state until the user intervenes, unless the errdisable
recovery cause arp-inspection interval [seconds] command is enabled, in which case ports recover
automatically from this state after the specified timeout period.
Use the show ip arp inspection interfaces command to display the trust state, the rate limit (pps stands for
packets per second), and the burst interval configured for the interfaces.
Use the show ip arp inspection vlan [vlan# or range] command to display the DAI configuration and the
operation state of the VLANs configured on the switch.
ARP Validation Checks
Specific additional checks can be performed on incoming ARP packets to validate the destination MAC address,
the sender IP address in ARP requests, the target IP address in ARP responses, or the source MAC address. Use
the ip arp inspection validate {[src-mac] [dst-mac] [ip]} command from the global configuration mode to
enable these additional ARP validation checks.