CANOGA PERKINS CanogaOS Command Reference User Manual
Page 688
CanogaOS Command Line Reference
Revision 1.02
Proprietary & Confidential Canoga Pertkins Metro Ethernet Switches
Page 688 of 855
Default
No defined ARP ACLs are applied to any VLAN.
Command Mode
Global configuration
Usage
When an ARP access control list is applied to a VLAN for dynamic ARP inspection, the ARP packets
containing only the IP-to-Ethernet MAC bindings are compared against the ACLs. All other packet
types are bridged in the incoming VLAN without validation.
This command specifies that the incoming ARP packets are compared against the ARP access control
list, and the packets are permitted only if the access control list permits them.
If the access control lists deny the packets because of explicit denies, the packets are dropped. If the
packets are denied because of an implicit deny, they are then matched against the list of DHCP
bindings if the ACL is not applied statically.
Examples
This example shows how to apply the ARP ACL “static-hosts” to VLAN 1 for DAI:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip arp inspection filter static-hosts vlan 1
Switch(config)# end
Switch#
Switch# show ip arp inspection vlan 1
Source Mac Validation : Enabled
Destination Mac Validation : Disabled
IP Address Validation : Disabled
Vlan Configuration ACL Match Static ACL
=================================================================
1 enabled b
Vlan ACL Logging DHCP Logging
=================================================================
1 deny deny
Related Commands
arp access-list
show ip arp inspection