Performing validation checks – Dell POWEREDGE M1000E User Manual


Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 23 Configuring Dynamic ARP Inspection

Configuring Dynamic ARP Inspection

For configuration guidelines for rate limiting trunk ports and EtherChannel ports, see the
“Dynamic ARP Inspection Configuration Guidelines” section on page 23-6.

Beginning in privileged EXEC mode, follow these steps to limit the rate of incoming ARP packets. This
procedure is optional.

Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.

Step 2
  Command: interface interface-id
  Purpose: Specify the interface to be rate-limited, and enter interface configuration mode.

Step 3
  Command: ip arp inspection limit {rate pps [burst interval seconds] | none}
  Purpose: Limit the rate of incoming ARP requests and responses on the interface.

  The default rate is 15 pps on untrusted interfaces and unlimited on trusted interfaces.
  The burst interval is 1 second.

  The keywords have these meanings:

  - For rate pps, specify an upper limit for the number of incoming packets processed per
    second. The range is 0 to 2048 pps.
  - (Optional) For burst interval seconds, specify the consecutive interval in seconds, over
    which the interface is monitored for a high rate of ARP packets. The range is 1 to 15.
  - For rate none, specify no upper limit for the rate of incoming ARP packets that can be
    processed.

Step 4
  Command: exit
  Purpose: Return to global configuration mode.

Step 5
  Command: errdisable detect cause arp-inspection
           and
           errdisable recovery cause arp-inspection
           and
           errdisable recovery interval interval
  Purpose: (Optional) Enable error recovery from the dynamic ARP inspection error-disabled
  state, and configure the dynamic ARP inspection recovery mechanism variables.

  By default, recovery is disabled, and the recovery interval is 300 seconds.

  For interval interval, specify the time in seconds to recover from the error-disabled
  state. The range is 30 to 86400.

Step 6
  Command: exit
  Purpose: Return to privileged EXEC mode.

Step 7
  Command: show ip arp inspection interfaces
           show errdisable recovery
  Purpose: Verify your settings.

Step 8
  Command: copy running-config startup-config
  Purpose: (Optional) Save your entries in the configuration file.

To return to the default rate-limit configuration, use the no ip arp inspection limit interface
configuration command. To disable error recovery for dynamic ARP inspection, use the no errdisable
recovery cause arp-inspection global configuration command.

Performing Validation Checks

Dynamic ARP inspection intercepts, logs, and discards ARP packets with invalid IP-to-MAC address
bindings. You can configure the switch to perform additional checks on the destination MAC address,
the sender and target IP addresses, and the source MAC address.
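An added example (not from the Cisco guide) for the rate-limiting and error-recovery procedure earlier on this page: a small Python audit that reads a running-config excerpt, applies the documented defaults, and flags settings outside the documented ranges. The function name audit_dai, the sample configuration, and the use of the ip arp inspection trust interface command (not shown on this page) to mark trusted ports are assumptions.

```python
import re

DEFAULT_PPS, DEFAULT_BURST, DEFAULT_RECOVERY = 15, 1, 300  # defaults documented on this page
LIMIT_RE = re.compile(r"ip arp inspection limit (none|rate (\d+)(?: burst interval (\d+))?)")
# Constructed sample running-config excerpt (not taken from a real switch).
SAMPLE_CONFIG = """\
errdisable recovery cause arp-inspection
errdisable recovery interval 600
!
interface GigabitEthernet1/0/1
 ip arp inspection limit rate 100 burst interval 5
interface GigabitEthernet1/0/2
 ip arp inspection limit none
interface GigabitEthernet1/0/3
interface GigabitEthernet1/0/24
 ip arp inspection trust
"""

def audit_dai(config):
    """Return (effective limit per interface, recovery settings, findings)."""
    limits, trusted, findings, iface = {}, set(), [], None
    recovery = {"enabled": False, "interval": DEFAULT_RECOVERY}
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface = line.split(None, 1)[1]
            limits[iface] = None  # None = no explicit limit command
        elif raw[:1] not in (" ", ""):  # any other top-level line ends the interface block
            iface = None
            if line == "errdisable recovery cause arp-inspection":
                recovery["enabled"] = True
            elif m := re.fullmatch(r"errdisable recovery interval (\d+)", line):
                recovery["interval"] = int(m.group(1))
        elif iface and line == "ip arp inspection trust":  # IOS command, not shown on this page
            trusted.add(iface)
        elif iface and (m := LIMIT_RE.fullmatch(line)):
            limits[iface] = "none" if m[1] == "none" else (int(m[2]), int(m[3] or DEFAULT_BURST))
    for name, lim in limits.items():
        if lim is None:  # apply the documented defaults: 15 pps / 1 s untrusted, unlimited trusted
            lim = limits[name] = "none" if name in trusted else (DEFAULT_PPS, DEFAULT_BURST)
        if lim == "none" and name not in trusted:
            findings.append(f"{name}: untrusted port with no ARP rate limit")
        elif lim != "none" and not (0 <= lim[0] <= 2048 and 1 <= lim[1] <= 15):
            findings.append(f"{name}: rate or burst interval out of range")
    if not recovery["enabled"]:
        findings.append("errdisable recovery for arp-inspection is disabled (default)")
    elif not 30 <= recovery["interval"] <= 86400:
        findings.append("errdisable recovery interval out of range")
    return limits, recovery, findings
```

Calling audit_dai(SAMPLE_CONFIG) reports the effective (pps, burst) pair per interface and a single finding for the untrusted port configured with limit none.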
