Chapter 38      Configuring Dynamic ARP Inspection
Configuring DAI

To apply an ARP ACL, perform this task:

        Command                                                   Purpose
Step 1  Router# configure terminal                                Enters global configuration mode.
Step 2  Router(config)# ip arp inspection filter arp_acl_name     Applies the ARP ACL to a VLAN.
        vlan {vlan_ID | vlan_range} [static]
Step 3  Router(config)# do show ip arp inspection vlan            Verifies your entries.
        {vlan_ID | vlan_range}

When applying ARP ACLs, note the following information:

•  For vlan_range, you can specify a single VLAN or a range of VLANs:
   –  To specify a single VLAN, enter a single VLAN number.
   –  To specify a range of VLANs, enter a dash-separated pair of VLAN numbers.
   –  You can enter a comma-separated list of VLAN numbers and dash-separated pairs of VLAN numbers.
•  (Optional) Specify static to treat implicit denies in the ARP ACL as explicit denies and to drop packets that do not match any previous clauses in the ACL. DHCP bindings are not used.
   If you do not specify this keyword, a packet that matches no clause in the ACL (and so is not explicitly denied by it) is checked against the DHCP bindings, which then determine whether the packet is permitted or denied.
•  ARP packets containing only IP-to-MAC address bindings are compared against the ACL. Packets are permitted only if the access list permits them.

This example shows how to apply an ARP ACL named example_arp_acl to VLANs 10 through 12 and VLAN 15:

Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# ip arp inspection filter example_arp_acl vlan 10-12,15
Router(config)# do show ip arp inspection vlan 10-12,15 | begin Vlan
Vlan     Configuration    Operation   ACL Match          Static ACL
----     -------------    ---------   ---------          ----------
  10     Enabled          Inactive    example_arp_acl    No
  11     Enabled          Inactive    example_arp_acl    No
  12     Enabled          Inactive    example_arp_acl    No
  15     Enabled          Inactive    example_arp_acl    No

Vlan     ACL Logging      DHCP Logging
----     -----------      ------------
  10     Deny             Deny
  11     Deny             Deny
  12     Deny             Deny
  15     Deny             Deny

Configuring ARP Packet Rate Limiting

When DAI is enabled, the router performs ARP packet validation checks, which makes the router vulnerable to an ARP-packet denial-of-service attack. ARP packet rate limiting can prevent an ARP-packet denial-of-service attack.

Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
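Returning to the static keyword in the ARP ACL task above: the difference between applying the ACL with and without static is easiest to see as a decision procedure. The following is an added illustrative model, not Cisco IOS code, that mirrors the semantics the guide describes: an ACL clause that matches decides, an ACL miss is dropped when static is set, and otherwise the DHCP snooping binding for the sender IP decides. The ACL clause, the binding table and the three sample ARP senders are constructed for the example.

```python
"""Added model of DAI's ARP ACL / DHCP-binding decision (illustrative, not Cisco's code)."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ArpAclEntry:
    """One ARP ACL clause: permit or deny for a sender IP/MAC pair.

    None for ip or mac stands for 'any' (as in 'permit ip any mac any')."""
    action: str                  # "permit" or "deny"
    ip: Optional[str] = None     # sender IP, None == 'ip any'
    mac: Optional[str] = None    # sender MAC in IOS dotted form, None == 'mac any'

    def matches(self, ip: str, mac: str) -> bool:
        ip_ok = self.ip is None or ip_address(self.ip) == ip_address(ip)
        mac_ok = self.mac is None or self.mac.lower() == mac.lower()
        return ip_ok and mac_ok


def dai_decision(ip: str, mac: str, acl: List[ArpAclEntry],
                 dhcp_bindings: Dict[str, str], static: bool = False) -> Tuple[str, str]:
    """Return ("permit" | "deny", reason) for an ARP packet carrying the IP/MAC binding."""
    for entry in acl:
        if entry.matches(ip, mac):
            return entry.action, f"ACL clause '{entry.action}' matched"
    if static:
        # static: the implicit deny at the end of the ACL becomes an explicit deny,
        # so DHCP bindings are never consulted.
        return "deny", "no ACL clause matched; static treats the implicit deny as explicit"
    # Without static an ACL miss falls through to the DHCP snooping bindings.
    if dhcp_bindings.get(ip, "").lower() == mac.lower():
        return "permit", "no ACL clause matched; DHCP snooping binding agrees"
    return "deny", "no ACL clause matched; no DHCP snooping binding for this pair"


# Constructed data: the VLAN gateway is bound statically in the ACL, one client
# leased its address through DHCP (so it appears in the snooping table only).
EXAMPLE_ACL = [ArpAclEntry("permit", ip="10.1.10.1", mac="0000.0c07.ac0a")]
DHCP_BINDINGS = {"10.1.10.50": "0011.2233.4455"}


def run_scenarios() -> Dict[str, Dict[str, str]]:
    """Evaluate three constructed senders with and without the static keyword."""
    cases = {
        "gateway_in_acl": ("10.1.10.1", "0000.0c07.ac0a"),
        "dhcp_client": ("10.1.10.50", "0011.2233.4455"),
        # A DHCP client claiming the gateway's IP with its own MAC: this is the
        # kind of conflicting binding DAI exists to drop.
        "conflicting_gateway_claim": ("10.1.10.1", "0011.2233.4455"),
    }
    results = {}
    for name, (ip, mac) in cases.items():
        results[name] = {
            "without_static": dai_decision(ip, mac, EXAMPLE_ACL, DHCP_BINDINGS, static=False)[0],
            "with_static": dai_decision(ip, mac, EXAMPLE_ACL, DHCP_BINDINGS, static=True)[0],
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:28s} {outcome}")
```

The dhcp_client row is the operational point of the keyword: with static, any sender that is not listed in the ACL is dropped even when DHCP snooping has a valid binding for it, so static is only appropriate when the ACL enumerates every legitimate sender on the VLAN.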
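The vlan_range syntax and the "Verifies your entries" step of the ARP ACL task above can both be automated. The following added example (not part of the Cisco guide) expands a vlan_range string such as 10-12,15 into VLAN IDs and parses the two tables printed by show ip arp inspection vlan so that each VLAN can be checked for DAI being enabled with the expected ACL applied. The embedded output is the one shown on the page; the expected ACL name and VLAN lists passed to the check are assumptions for the example.

```python
"""Added example: expand IOS vlan_range syntax and verify 'show ip arp inspection vlan' output."""
import re
from typing import Dict, List

# Output as printed on the page for 'do show ip arp inspection vlan 10-12,15 | begin Vlan'.
SAMPLE_OUTPUT = """\
Vlan     Configuration    Operation   ACL Match          Static ACL
----     -------------    ---------   ---------          ----------
  10     Enabled          Inactive    example_arp_acl    No
  11     Enabled          Inactive    example_arp_acl    No
  12     Enabled          Inactive    example_arp_acl    No
  15     Enabled          Inactive    example_arp_acl    No

Vlan     ACL Logging      DHCP Logging
----     -----------      ------------
  10     Deny             Deny
  11     Deny             Deny
  12     Deny             Deny
  15     Deny             Deny
"""


def expand_vlan_range(spec: str) -> List[int]:
    """Expand '10-12,15' (single IDs, dash pairs, comma-separated) into sorted VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"descending VLAN range: {part!r}")
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return sorted(vlans)


def parse_arp_inspection(text: str) -> Dict[int, Dict[str, str]]:
    """Merge both 'Vlan ...' tables into {vlan_id: {column_name: value}}."""
    merged: Dict[int, Dict[str, str]] = {}
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 2 or not lines[1].lstrip().startswith("-"):
            continue  # not one of the column tables
        # The dash ruler is exactly as wide as each column name, so its spans
        # recover multi-word names such as 'ACL Match' from the header line.
        names = [lines[0][m.start():m.end()].strip() for m in re.finditer(r"-+", lines[1])]
        for row in lines[2:]:
            values = row.split()  # cell values contain no spaces
            if len(values) != len(names):
                raise ValueError(f"unexpected row: {row!r}")
            fields = dict(zip(names, values))
            vlan = int(fields.pop("Vlan"))
            merged.setdefault(vlan, {}).update(fields)
    return merged


def verify_acl_applied(text: str, vlan_spec: str, expected_acl: str) -> Dict[int, str]:
    """Return {vlan: problem} for VLANs in vlan_spec that do not show DAI enabled
    with expected_acl applied; an empty dict means every VLAN checks out."""
    table = parse_arp_inspection(text)
    problems: Dict[int, str] = {}
    for vlan in expand_vlan_range(vlan_spec):
        row = table.get(vlan)
        if row is None:
            problems[vlan] = "not present in show output"
        elif row.get("Configuration") != "Enabled":
            problems[vlan] = f"DAI configuration is {row.get('Configuration')}"
        elif row.get("ACL Match") != expected_acl:
            problems[vlan] = f"ACL Match is {row.get('ACL Match')!r}, expected {expected_acl!r}"
    return problems


if __name__ == "__main__":
    print(expand_vlan_range("10-12,15"))
    print(verify_acl_applied(SAMPLE_OUTPUT, "10-12,15", "example_arp_acl"))  # assumed intended VLANs
    print(verify_acl_applied(SAMPLE_OUTPUT, "10-16", "example_arp_acl"))     # VLANs 13,14,16 absent
```

Checking the ACL Match column against the name you intended to apply catches the common slip of configuring the filter with a misspelled ACL name; the Operation column is reported as-is and is left to the operator to interpret in context.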