Cisco 220 Series Smart Plus Reference Manual page 240

Smart plus switches command line interface
IP ARP Inspection Commands
ip arp inspection limit rate
Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1.0.0.x
Command Mode
Interface Configuration mode
User Guidelines
This command prevents dynamic ARP inspection from using all of the switch
resources if a DoS attack occurs.
The rate applies to both trusted and untrusted interfaces. Configure appropriate
rates on trunks so that they can process packets across all of the VLANs on which
dynamic ARP inspection is enabled.
When the switch receives more than the configured number of packets per second
for a number of consecutive burst seconds, the interface is placed into an
error-disabled state.
Unless you explicitly configure a rate limit on an interface, changing the trust state
of the interface also changes its rate limit to the default value for that trust state.
After you configure the rate limit, the interface retains the rate limit even when its
trust state is changed. If you enter the no ip arp inspection limit command, the
interface reverts to its default rate limit.
You should configure trunk ports with higher rates to reflect their aggregation.
When the rate of incoming packets exceeds the user-configured rate, the switch
places the interface into an error-disabled state. The errordisable recovery feature
automatically removes the port from the error-disabled state according to the
recovery setting.
The rate of incoming ARP packets on an EtherChannel port equals the sum of the
incoming rates of ARP packets on all channel members. Configure the rate limit
for EtherChannel ports only after examining the rate of incoming ARP packets on
all channel members.
Example
switchxxxxxx(config)# interface gi5
switchxxxxxx(config-if)# ip arp inspection limit rate 150
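
The following sizing check is an added example, not part of the Cisco guide or Cisco code. It models the two rules above (an EtherChannel sees the sum of its members' ARP rates, and a port is error-disabled once the rate exceeds the limit for consecutive burst seconds). The member names, the per-second counts and the `burst_seconds` parameter are constructed assumptions; 150 is the rate from the example above.

```python
# Added example: a model of the rule in the User Guidelines, not Cisco code.
from typing import Dict, List, Optional

def channel_rate(members: Dict[str, List[int]]) -> List[int]:
    """ARP pps on an EtherChannel = sum of the pps on all channel members."""
    return [sum(second) for second in zip(*members.values())]

def errdisable_at(pps: List[int], limit: int, burst_seconds: int = 1) -> Optional[int]:
    """Index of the second at which the interface would be error-disabled:
    the rate exceeded `limit` for `burst_seconds` consecutive seconds.
    Returns None if the limit is never tripped."""
    if burst_seconds < 1:
        raise ValueError("burst_seconds must be >= 1")
    run = 0
    for second, rate in enumerate(pps):
        run = run + 1 if rate > limit else 0
        if run >= burst_seconds:
            return second
    return None

def lowest_safe_limit(pps: List[int], burst_seconds: int = 1) -> int:
    """Smallest limit this baseline never trips: the highest rate that was
    held for a full window of `burst_seconds` consecutive seconds."""
    if burst_seconds < 1:
        raise ValueError("burst_seconds must be >= 1")
    windows = (pps[i:i + burst_seconds]
               for i in range(len(pps) - burst_seconds + 1))
    return max((min(w) for w in windows), default=0)

# Constructed per-second ARP counts for two hypothetical channel members.
BASELINE = {
    "gi1": [40, 55, 90, 120, 60, 30],
    "gi2": [35, 60, 80, 110, 50, 20],
}

if __name__ == "__main__":
    total = channel_rate(BASELINE)
    for name, pps in BASELINE.items():
        print(name, "trips at second:", errdisable_at(pps, 150))
    print("channel pps:", total)
    print("channel trips at second:", errdisable_at(total, 150))
    print("lowest safe limit:", lowest_safe_limit(total))
```

With this baseline neither member exceeds 150 pps on its own, but the channel does, which is why the limit has to be sized from the combined member rates.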