Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches
ip arp inspection limit (interface)
To limit the rate of incoming ARP requests and responses on an interface and prevent DAI from
consuming all of the system’s resources in the event of a DoS attack, use the ip arp inspection limit
command. To release the limit, use the no form of this command.
ip arp inspection limit {rate pps | none} [burst interval seconds]
no ip arp inspection limit
Syntax Description
rate pps                 Specifies an upper limit on the number of incoming packets processed per
                         second. The rate can range from 1 to 10000.
none                     Specifies no upper limit on the rate of the incoming ARP packets that can
                         be processed.
burst interval seconds   (Optional) Specifies the consecutive interval in seconds over which the
                         interface is monitored for the high rate of the ARP packets. The interval
                         is configurable from 1 to 15 seconds.
Defaults
The rate is set to 15 packets per second on the untrusted interfaces, assuming that the network is a
switched network with a host connecting to as many as 15 new hosts per second.
The rate is unlimited on all the trusted interfaces.
The burst interval is set to 1 second by default.
Command Modes
Interface configuration mode
Usage Guidelines
The trunk ports should be configured with higher rates to reflect their aggregation. When the rate of the
incoming packets exceeds the user-configured rate, the interface is placed into an error-disabled state.
The error-disable timeout feature can be used to remove the port from the error-disabled state. The rate
applies to both the trusted and nontrusted interfaces. Configure appropriate rates on trunks to handle the
packets across multiple DAI-enabled VLANs or use the none keyword to make the rate unlimited.
The rate of the incoming ARP packets on the channel ports is equal to the sum of the incoming rate of
packets from all the channel members. Configure the rate limit for the channel ports only after examining
the rate of the incoming ARP packets on the channel members.
After a switch receives more than the configured rate of packets every second consecutively over a period
of burst seconds, the interface is placed into an error-disabled state.
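As an added example (not part of the Cisco reference), the following Python sketch models the rate and burst-interval rule from the usage guidelines so that candidate limits can be checked against measured per-second ARP counts before they are applied to a channel port. The function names and sample counts are constructed, and the streak logic is a simplified reading of the text on this page, not the switch's implementation.

```python
# Added example: simplified model of the behaviour described on this page.
# Function names and sample counts are constructed for illustration.
from typing import Optional, Sequence


def channel_counts(members: Sequence[Sequence[int]]) -> list[int]:
    """Per-second ARP counts on a port channel = sum over its member ports."""
    return [sum(second) for second in zip(*members)]


def errdisable_second(counts: Sequence[int], rate: Optional[int] = 15,
                      burst: int = 1) -> Optional[int]:
    """Return the 1-based second at which the port would be error-disabled,
    or None if it never is. rate=None models the `none` keyword.
    Defaults model an untrusted port: 15 pps, burst interval 1 second."""
    if rate is None:
        return None
    if not 1 <= rate <= 10000:
        raise ValueError("rate must be 1-10000 pps")
    if not 1 <= burst <= 15:
        raise ValueError("burst interval must be 1-15 seconds")
    streak = 0  # consecutive seconds above the configured rate
    for second, pps in enumerate(counts, start=1):
        streak = streak + 1 if pps > rate else 0
        if streak >= burst:
            return second
    return None


# Constructed per-second ARP counts measured on two channel members.
MEMBER_A = [8, 12, 9, 14, 10, 7]
MEMBER_B = [6, 9, 11, 13, 12, 5]
CHANNEL = channel_counts([MEMBER_A, MEMBER_B])  # [14, 21, 20, 27, 22, 12]

if __name__ == "__main__":
    # Each member stays under the default limit, but their sum does not.
    print("member A:", errdisable_second(MEMBER_A))
    print("member B:", errdisable_second(MEMBER_B))
    for rate, burst in [(15, 1), (15, 5), (25, 1), (25, 2), (None, 1)]:
        print(f"channel rate={rate} burst={burst} ->",
              errdisable_second(CHANNEL, rate, burst))
```

With these sample counts neither member alone exceeds the default limit, yet the channel port trips it at second 2, which is why the channel limit should be sized from the summed member rates.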