ECS2020 Series CLI Reference Guide R04
47
14.4
arp inspection validate
arp-inspection validate {[
src-mac|dst-mac|ip[allow-zeros]
]}
no arp-inspection validate {[src-mac|dst-mac|ip[allow-zeros]]}
Default is all validation disabled
Interface configuration mode
Use the arp-inspection validate command to enable the validate function on a n interface.
Use the no arp-inspection validate form of this command to disable validation.
The example shows how to set interface gi1 to validate “src-mac”, “dst-mac” and “ip allow
zeros”. You can verify settings by the show ip arp inspection interface command
ECS2020-10P(config)# interface GigabitEthernet 0/1
ECS2020-10P(config-if-GigabitEthernet0/1)# arp-inspection validate src-mac
ECS2020-10P(config-if-GigabitEthernet0/1)# arp-inspection validate dst-mac
ECS2020-10P(config-if-GigabitEthernet0/1)# arp-inspection validate ip allow-zeros
ECS2020-10P(config-if-GigabitEthernet0/1)# do show arp-inspection interfaces
GigabitEthernet 0/1
Interfaces | Trust State | Rate (pps) | SMAC Check | DMAC Check | IP Check/Allow Zero |
-------------+----------------+---------------+-------------------|-------------------+---------------------------+
gi0/1
| Untrusted |
None | enabled | enabled |
enabled/enabled
14.5
clear arp inspection statistics
clear arp-inspection interfaces {port-id} statistics
Null
Parameter
Parameter
Description
src-mac
The ”src-mac” drops ARP requests and reply packets
when the arp-sender-mac and ethernet-source-mac do
not match.
dst-mac
The ”dst-mac” drops ARP reply packets when the arp-
target-mac and ethernet-dest-mac do not match.
ip
The ”ip” drops ARP request and reply packets that
th e s
ender-ip is invalid such as broadcast, multicast,
all zero IP addresses, and drops ARP reply packets
when the
t
arget-ip is invalid.
allow-zeros
The ”allow-zeros” means all zero IP address will not be
dropped.
Parameter
Parameter
Description
port-id
Specifies ports to clear statistics
Default
Usage
Mode
Example
Default