Configuration Guide 564
Configuring Network Security
ARP Inspection Configurations
Switch(config)#ip arp inspection
Switch(config)#interface gigabitEthernet 1/0/1
Switch(config-if)#ip arp inspection trust
Switch(config-if)#show ip arp inspection
ARP detection global status: Enabled
Port        Trusted
Gi1/0/1     YES
Gi1/0/2     NO
......
Switch(config-if)#end
Switch#copy running-config startup-config
4.2.2 Configuring ARP Defend
With ARP Defend enabled, the switch stops receiving ARP packets on a port for 300
seconds when the rate of legal ARP packets on that port exceeds the defined value,
which protects against ARP flood attacks.
Follow these steps to configure ARP Defend:
Step 1    configure
          Enter global configuration mode.

Step 2    interface { fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list }
          Enter interface configuration mode.

Step 3    ip arp inspection
          Enable the ARP defend feature on the port.

Step 4    ip arp inspection limit-rate value
          Specify the maximum number of ARP packets that can be received on the port per second.
          value: Specify the limit rate value. The valid values are from 10 to 100 pps (packets/second),
          and the default value is 15.

Step 5    show ip arp inspection interface
          (Optional) View the configurations and status of the ports.
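
The behaviour described in this section, as an added example that is not part of the original guide: a Python model that replays ARP arrival times for one port, so a candidate limit-rate can be checked against observed traffic before it is configured. The 300-second block, the 10 to 100 pps range and the default of 15 come from the guide; the one-second counting window, the dropping of the packet that exceeds the limit, the function names and the sample trace are assumptions.

```python
# Added example, not from the guide: models ARP Defend on one port.
BLOCK_SECONDS = 300              # guide: ARP reception stops for 300 seconds
DEFAULT_LIMIT = 15               # guide: default limit-rate (pps)
MIN_LIMIT, MAX_LIMIT = 10, 100   # guide: valid limit-rate range (pps)


def simulate_arp_defend(arrivals, limit_rate=DEFAULT_LIMIT):
    """Replay ARP arrival times (in seconds) seen on one port.

    Returns (accepted, dropped, blocks); blocks lists the (start, end)
    intervals during which the port receives no ARP packets.
    Assumptions: fixed one-second counting windows, and the packet that
    pushes the count over the limit is itself dropped.
    """
    if not MIN_LIMIT <= limit_rate <= MAX_LIMIT:
        raise ValueError("limit-rate must be 10-100 pps")
    accepted = dropped = 0
    blocks = []
    blocked_until = float("-inf")
    window, count = None, 0
    for t in sorted(arrivals):
        if t < blocked_until:            # port is in its 300-second block
            dropped += 1
            continue
        if int(t) != window:             # new one-second window
            window, count = int(t), 0
        count += 1
        if count > limit_rate:           # rate exceeded: start the block
            blocked_until = t + BLOCK_SECONDS
            blocks.append((t, blocked_until))
            dropped += 1
            window, count = None, 0
        else:
            accepted += 1
    return accepted, dropped, blocks


def constructed_trace():
    """Constructed sample: 2 pps for 10 s, a 40-packet burst, late packets."""
    steady = [s + f for s in range(10) for f in (0.1, 0.6)]
    burst = [20 + i / 40 for i in range(40)]
    later = [100.0, 319.0, 321.0]
    return steady + burst + later


if __name__ == "__main__":
    for rate in (DEFAULT_LIMIT, 100):
        print(rate, simulate_arp_defend(constructed_trace(), rate))
```

With the default limit, the single burst in the constructed trace also costs the port the later packets at 100.0 and 319.0 seconds, which is the trade-off to weigh when choosing a value for a port that carries bursty but legitimate ARP traffic.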