2-111
Catalyst4500 Series SwitchCiscoIOS Command Reference—Release 12.2(18)EW
78-16201-01
Chapter2Cisco IOS Commands for the Catalyst 4500 Series Switches
ip arp inspection filter vlan
ip arp inspection filter vlan
To permit ARPs from hosts configured for static IP when DAI is enabled and to define an ARP access
list and apply it to a VLAN, use the ip arp inspection filter vlan command. Use the no form of this
command to disable this application.
ip arp inspection filter arp-acl-name vlan vlan-range [static]
no ip arp inspection filter arp-acl-name vlan vlan-range [static]
Syntax Description
Defaults No defined ARP ACLs are applied to any VLAN.
Command Modes Configuration
Command History
Usage Guidelines When an ARP access control list is applied to a VLAN for dynamic ARP inspection, ARP packets
containing only IP-to-Ethernet MAC bindings are compared against the ACLs. All other packet types
are bridged in the incoming VLAN without validation.
This command specifies that incoming ARP packets are compared against the ARP access control list,
and packets are permitted only if the access control list permits them.
If access control lists deny packets because of explicit denies, the packets are dropped. If packets are
denied because of an implicit deny, they are then matched against the list of DHCP bindings if the ACL
is not applied statically.
Examples This example shows how to apply the ARP ACL “static-hosts” to VLAN 1 for DAI:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip arp inspection filter static-hosts vlan 1
Switch(config)# end
Switch#
Switch# show ip arp inspection vlan 1
Source Mac Validation : Enabled
Destination Mac Validation : Disabled
IP Address Validation : Disabled
arp-acl-name Access control list name.
vlan-range VLAN number or range; valid values are from 1to 4094.
static (Optional) Specifies that the access control list should be applied statically.
Release Modification
12.1(19)EW Support for this command was introduced on the Catalyst 4500 series switch.
To Next Page
Loading...
Need help?
General
