Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches
ip arp inspection filter vlan
To permit ARPs from hosts that are configured for static IP when DAI is enabled and to define an ARP
access list and apply it to a VLAN, use the ip arp inspection filter vlan command. To disable this
application, use the no form of this command.
ip arp inspection filter arp-acl-name vlan vlan-range [static]
no ip arp inspection filter arp-acl-name vlan vlan-range [static]
Syntax Description
arp-acl-name    Access control list name.
vlan-range      VLAN number or range; valid values are from 1 to 4094.
static          (Optional) Specifies that the access control list should be applied statically.
Defaults No defined ARP ACLs are applied to any VLAN.
Command Modes Global configuration mode
Usage Guidelines When an ARP access control list is applied to a VLAN for dynamic ARP inspection, the ARP packets
containing only the IP-to-Ethernet MAC bindings are compared against the ACLs. All other packet types
are bridged in the incoming VLAN without validation.
This command specifies that the incoming ARP packets are compared against the ARP access control
list, and the packets are permitted only if the access control list permits them.
If the access control lists deny the packets because of explicit denies, the packets are dropped. If the
packets are denied because of an implicit deny, they are then matched against the list of DHCP bindings
if the ACL is not applied statically.
Examples This example shows how to apply the ARP ACL static-hosts to VLAN 1 for DAI:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip arp inspection filter static-hosts vlan 1
Switch(config)# end
Switch#
Switch# show ip arp inspection vlan 1
Source Mac Validation      : Enabled
Destination Mac Validation : Disabled
IP Address Validation      : Disabled
Vlan  Configuration  Operation  ACL Match     Static ACL
----  -------------  ---------  ---------     ----------
1     Enabled        Active     static-hosts  No
Vlan  ACL Logging  DHCP Logging
----  -----------  ------------
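The decision order from the usage guidelines, modeled in Python as an added example (not Cisco code or switch output): explicit ACL match first, then on an implicit deny either a drop (static) or a fallback to the DHCP bindings. The ACL entries, addresses, bindings, function names and verdict strings are constructed for illustration, and the parser handles only the `host` and `any` forms of an ARP ACL entry.

```python
import re

# Constructed ARP ACL entries in IOS syntax; all addresses are made up.
STATIC_HOSTS_ACL = """\
permit ip host 10.1.1.10 mac host 0011.2233.4455
deny ip host 10.1.1.20 mac any
"""
# Constructed DHCP snooping bindings: (vlan, sender IP) -> sender MAC
DHCP_BINDINGS = {(1, "10.1.1.30"): "00aa.bbcc.ddee"}

ACE = re.compile(r"(permit|deny) ip (any|host (\S+)) mac (any|host (\S+))$")

def parse_acl(text):
    """Return [(action, ip, mac)]; ip or mac is None where the entry says 'any'."""
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = ACE.match(line)
        if not m:
            raise ValueError(f"unsupported ACL entry: {line!r}")
        mac = m.group(5).lower() if m.group(5) else None
        entries.append((m.group(1), m.group(3), mac))
    return entries

def dai_verdict(acl, bindings, vlan, sender_ip, sender_mac, static=False):
    """Verdict for one ARP packet's sender IP-to-MAC binding."""
    sender_mac = sender_mac.lower()
    for action, ip, mac in acl:  # first matching entry decides
        if ip in (None, sender_ip) and mac in (None, sender_mac):
            return "forward (ACL permit)" if action == "permit" else "drop (explicit deny)"
    # No entry matched: implicit deny.
    if static:
        return "drop (implicit deny, static)"  # DHCP bindings are not consulted
    bound = bindings.get((vlan, sender_ip))
    if bound is not None and bound.lower() == sender_mac:
        return "forward (DHCP binding)"
    return "drop (no binding)"

if __name__ == "__main__":
    acl = parse_acl(STATIC_HOSTS_ACL)
    for ip, mac in [("10.1.1.10", "0011.2233.4455"), ("10.1.1.20", "0000.0000.0001"),
                    ("10.1.1.30", "00AA.BBCC.DDEE"), ("10.1.1.10", "dead.beef.0001")]:
        for static in (False, True):
            print(ip, mac, "static" if static else "non-static",
                  "->", dai_verdict(acl, DHCP_BINDINGS, 1, ip, mac, static))
```

With the `static` keyword, a DHCP-addressed host that has a valid binding but no ACL entry is dropped, so every legitimate host on the VLAN has to appear in the ACL before the filter is applied statically.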