Ip arp inspection trust, Ip arp inspection limit – LevelOne FGL-2870 User Manual

General Security Measures

4-195

4

ip arp inspection trust

This command sets a port as trusted, and thus exempted from ARP Inspection. Use
the no form to restore the default setting.

Syntax

[no] ip arp inspection trust

Default Setting

Untrusted

Command Mode

Interface Configuration (Port)

Command Usage

Packets arriving on untrusted ports are subject to any configured ARP
Inspection and additional validation checks. Packets arriving on trusted ports
bypass all of these checks, and are forwarded according to normal switching
rules.

Example

ip arp inspection limit

This command sets a rate limit for the ARP packets received on a port. Use the no
form to restore the default setting.

Syntax

ip arp inspection limit {rate pps | none}
no ip arp inspection limit

• pps - The maximum number of ARP packets that can be processed by the

CPU per second. (Range: 0-2048, where 0 means that no ARP packets
can be forwarded)

• none - There is no limit on the number of ARP packets that can be

processed by the CPU.

Default Setting

15

Command Mode

Interface Configuration (Port)

Command Usage

• This command only applies to untrusted ports.
• When the rate of incoming ARP packets exceeds the configured limit, the

switch drops all ARP packets in excess of the limit.

Console(config)#interface ethernet 1/1
Console(config-if)#ip arp inspection trust
Console(config-if)#