Chapter 49
Configuring Dynamic ARP Inspection
To remove the ARP ACL, use the no arp access-list global configuration command. To remove the ARP
ACL attached to a VLAN, use the no ip arp inspection filter arp-acl-name vlan vlan-range global
configuration command.
This example shows how to configure an ARP ACL called host2 on Switch A, to permit ARP packets
from HostB (IP address 170.1.1.2 and MAC address 2.2.2), to apply the ACL to VLAN 100, and to
configure port 1 on Switch A as untrusted:
SwitchA# configure terminal
Enter configuration commands, one per line.
SwitchA(config)# arp access-list hostB
SwitchA(config-arp-nacl)# permit ip host 170.1.1.2 mac host 2.2.2 log
SwitchA(config-arp-nacl)# exit
SwitchA(config)# ip arp inspection filter hostB vlan 100 static
SwitchA(config)# interface g3/48
SwitchA(config-if)# no ip arp inspection trust
SwitchA(config-if)# end
SwitchA# show arp access-list hostB
ARP access list hostB
permit ip host 170.1.1.2 mac host 0002.0002.0002 log
SwitchA# show ip arp inspection interfaces
Interface
---------------
Gi1/1
Gi1/2
Gi3/1
Gi3/2
Gi3/3
Gi3/4
Gi3/5
Gi3/6
Gi3/7
Gi3/8
Gi3/9
Gi3/10
Gi3/11
Gi3/12
Gi3/13
Gi3/14
Gi3/15
Gi3/16
Gi3/17
Gi3/18
Gi3/19
Gi3/20
Gi3/21
Gi3/22
Gi3/23
Gi3/24
Gi3/25
Gi3/26
Gi3/27
Gi3/28
Gi3/29
Gi3/30
Gi3/31
Gi3/32
Gi3/33
Gi3/34
OL-25340-01
Trust State
Rate (pps)
-----------
----------
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Untrusted
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
Configuring Dynamic ARP Inspection
End with CNTL/Z.
Burst Interval
--------------
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
15
1
49-13