DHCP and DNS – DHCP Snooping

ip dhcp snooping

Use the ip dhcp snooping Global Configuration mode command to enable Dynamic Host Configuration Protocol (DHCP) Snooping globally. Use the no form of this command to restore the default configuration.

Syntax

ip dhcp snooping

no ip dhcp snooping

Parameters

N/A

Default Configuration

DHCP snooping is disabled.

Command Mode

Global Configuration mode

User Guidelines

No DHCP Snooping configuration takes effect until DHCP Snooping is enabled globally, and DHCP Snooping is not active on a VLAN until it is enabled on that VLAN with the ip dhcp snooping vlan Global Configuration mode command.

Example

The following example enables DHCP Snooping on the device.

switchxxxxxx(config)# ip dhcp snooping

ip dhcp snooping vlan

Use the ip dhcp snooping vlan Global Configuration mode command to enable DHCP Snooping on a VLAN. Use the no form of this command to disable DHCP Snooping on a VLAN.

Syntax

ip dhcp snooping vlan vlan-id

no ip dhcp snooping vlan vlan-id

Parameters

  • vlan-id—Specifies the VLAN ID.

Default Configuration

DHCP Snooping on a VLAN is disabled.

Command Mode

Global Configuration mode

User Guidelines

DHCP Snooping must be enabled globally before enabling DHCP Snooping on a VLAN.

Example

The following example enables DHCP Snooping on VLAN 21.

switchxxxxxx(config)# ip dhcp snooping vlan 21

ip dhcp snooping trust

Use the ip dhcp snooping trust Interface Configuration (Ethernet, Port-channel) mode command to configure a port as trusted for DHCP snooping purposes. Use the no form of this command to restore the default configuration.

Syntax

ip dhcp snooping trust

no ip dhcp snooping trust

Parameters

N/A

Default Configuration

The interface is untrusted.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

Configure as trusted only the ports that are connected to a DHCP server or to other switches or routers (the path toward the server). Leave the ports that are connected to DHCP clients untrusted, so that DHCP server messages arriving on them are dropped and a rogue server on a client port cannot hand out leases.

Example

The following example configures te1/0/4 as trusted for DHCP Snooping.

switchxxxxxx(config)# interface te1/0/4
switchxxxxxx(config-if)# ip dhcp snooping trust

ip dhcp snooping information option allowed-untrusted

Use the ip dhcp snooping information option allowed-untrusted Global Configuration mode command to allow a device to accept DHCP packets with option-82 information from an untrusted port. Use the no form of this command to drop these packets from an untrusted port.

Syntax

ip dhcp snooping information option allowed-untrusted

no ip dhcp snooping information option allowed-untrusted

Parameters

N/A

Default Configuration

DHCP packets with option-82 information from an untrusted port are discarded.

Command Mode

Global Configuration mode

Example

The following example allows a device to accept DHCP packets with option-82 information from an untrusted port.

switchxxxxxx(config)# ip dhcp snooping information option allowed-untrusted

ip dhcp snooping verify

Use the ip dhcp snooping verify Global Configuration mode command to configure a device to verify that the source MAC address in a DHCP packet received on an untrusted port matches the client hardware address. Use the no form of this command to disable MAC address verification in a DHCP packet received on an untrusted port.

Syntax

ip dhcp snooping verify

no ip dhcp snooping verify

Parameters

N/A

Default Configuration

The switch verifies that the source MAC address in a DHCP packet received on an untrusted port matches the client hardware address in the packet.

Command Mode

Global Configuration mode

Example

The following example configures a device to verify that the source MAC address in a DHCP packet received on an untrusted port matches the client hardware address.

switchxxxxxx(config)# ip dhcp snooping verify
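The untrusted-port filtering described under ip dhcp snooping trust, ip dhcp snooping information option allowed-untrusted and ip dhcp snooping verify, as an added Python model. This is example code written for this page; it is not the switch firmware and it does not claim to reproduce its internals. It builds constructed Ethernet/IPv4/UDP/BOOTP frames and applies the three rules the commands describe: server messages (OFFER/ACK/NAK) are dropped on untrusted ports, option 82 is dropped on untrusted ports unless allowed, and the Ethernet source MAC must equal the BOOTP chaddr when verification is on. The frame builder, the MAC addresses and the function names are assumptions made for the example.

```python
import struct
from dataclasses import dataclass

# Added example of DHCP Snooping's untrusted-port checks; not switch code.
# Constants from RFC 2131/2132 and RFC 3046 (relay agent option 82).
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNAK = 1, 2, 3, 5, 6
SERVER_MESSAGES = {DHCPOFFER, DHCPACK, DHCPNAK}   # only a DHCP server sends these
OPT_MSG_TYPE, OPT_RELAY_AGENT, OPT_END = 53, 82, 255
MAGIC_COOKIE = b"\x63\x82\x53\x63"


@dataclass
class DhcpFields:
    eth_src: bytes      # source MAC from the Ethernet header
    chaddr: bytes       # client hardware address from the BOOTP header
    msg_type: int       # option 53
    has_option82: bool  # relay agent information option present


def build_dhcp_frame(eth_src: bytes, chaddr: bytes, msg_type: int,
                     option82: bool = False) -> bytes:
    """Constructed Ethernet/IPv4/UDP/BOOTP frame for the example (not a capture)."""
    server = msg_type in SERVER_MESSAGES
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if option82:
        # sub-option 1 (circuit-id), 2 bytes, as a relay agent would insert it
        options += bytes([OPT_RELAY_AGENT, 4, 1, 2, 0, 7])
    options += bytes([OPT_END])
    bootp = (bytes([2 if server else 1, 1, 6, 0])              # op, htype, hlen, hops
             + b"\x39\x03\xf3\x26" + b"\x00\x00" + b"\x80\x00"  # xid, secs, flags
             + b"\x00" * 16                                     # ciaddr, yiaddr, siaddr, giaddr
             + chaddr.ljust(16, b"\x00")
             + b"\x00" * 64 + b"\x00" * 128                     # sname, file
             + MAGIC_COOKIE + options)
    sport, dport = (67, 68) if server else (68, 67)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    src_ip = b"\xc0\xa8\x01\x01" if server else b"\x00\x00\x00\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     src_ip, b"\xff\xff\xff\xff") + udp
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip


def parse_dhcp_frame(frame: bytes) -> DhcpFields:
    """Pull out only the fields DHCP Snooping inspects."""
    eth_src = frame[6:12]
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 17:                      # IPv4 protocol field
        raise ValueError("not UDP")
    udp = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    if not {sport, dport} & {67, 68}:
        raise ValueError("not DHCP")
    bootp = udp + 8
    hlen = frame[bootp + 2]
    chaddr = frame[bootp + 28:bootp + 28 + hlen]
    i = bootp + 236
    if frame[i:i + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    i += 4
    msg_type, has82 = None, False
    while i < len(frame) and frame[i] != OPT_END:
        code = frame[i]
        if code == 0:                            # pad option
            i += 1
            continue
        length = frame[i + 1]
        value = frame[i + 2:i + 2 + length]
        if code == OPT_MSG_TYPE:
            msg_type = value[0]
        elif code == OPT_RELAY_AGENT:
            has82 = True
        i += 2 + length
    if msg_type is None:
        raise ValueError("no DHCP message type option")
    return DhcpFields(eth_src, chaddr, msg_type, has82)


def snoop_decision(frame: bytes, trusted: bool, verify: bool = True,
                   allow_untrusted_option82: bool = False) -> str:
    """Return 'forward' or 'drop: <reason>' for a DHCP frame arriving on a port.

    trusted                  -> 'ip dhcp snooping trust' on the ingress port
    verify                   -> 'ip dhcp snooping verify' (default on)
    allow_untrusted_option82 -> 'ip dhcp snooping information option allowed-untrusted'
    """
    if trusted:
        return "forward"                         # trusted ports are not inspected
    d = parse_dhcp_frame(frame)
    if d.msg_type in SERVER_MESSAGES:
        return "drop: server message on untrusted port"   # rogue DHCP server
    if d.has_option82 and not allow_untrusted_option82:
        return "drop: option 82 on untrusted port"
    if verify and d.eth_src != d.chaddr:
        return "drop: source MAC does not match chaddr"   # spoofed client / starvation
    return "forward"


if __name__ == "__main__":
    client = bytes.fromhex("0060704c73ff")       # constructed addresses
    rogue = bytes.fromhex("0060704c7bc1")
    print(snoop_decision(build_dhcp_frame(client, client, DHCPDISCOVER), trusted=False))
    print(snoop_decision(build_dhcp_frame(rogue, client, DHCPDISCOVER), trusted=False))
    print(snoop_decision(build_dhcp_frame(rogue, client, DHCPOFFER), trusted=False))
```

The chaddr check is what stops a host from exhausting the pool with forged client addresses behind its own MAC; the server-message check is what makes the trust boundary meaningful, so the set of trusted ports should be kept to the uplinks.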

ip dhcp snooping database

Use the ip dhcp snooping database Global Configuration mode command to enable the DHCP Snooping binding database file. Use the no form of this command to delete the DHCP Snooping binding database file.

Syntax

ip dhcp snooping database

no ip dhcp snooping database

Parameters

N/A

Default Configuration

The DHCP Snooping binding database file is not defined.

Command Mode

Global Configuration mode

User Guidelines

The DHCP Snooping binding database file resides on Flash.

To ensure that the lease time in the database is accurate, the Simple Network Time Protocol (SNTP) must be enabled and configured.

The device writes binding changes to the binding database file only if the device system clock is synchronized with SNTP.

Example

The following example enables the DHCP Snooping binding database file.

switchxxxxxx(config)# ip dhcp snooping database

ip dhcp snooping binding

Use the ip dhcp snooping binding Privileged EXEC mode command to configure the DHCP Snooping binding database and add dynamic binding entries to the database. Use the no form of this command to delete entries from the binding database.

Syntax

ip dhcp snooping binding mac-address vlan-id ip-address interface-id expiry {seconds | infinite}

no ip dhcp snooping binding mac-address vlan-id

Parameters

  • mac-address—Specifies a MAC address.
  • vlan-id—Specifies a VLAN number.
  • ip-address—Specifies an IP address.
  • interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel.
  • expiry
    • seconds—Specifies the time interval, in seconds, after which the binding entry is no longer valid. (Range: 10–4294967294).
    • infinite—Specifies infinite lease time.

Default Configuration

No static binding exists.

Command Mode

Privileged EXEC mode

User Guidelines

Use the ip dhcp snooping binding command to manually add a dynamic entry to the DHCP Snooping database.

After this command is entered, the entry is added to the DHCP Snooping database. If the DHCP Snooping binding file exists, the entry is also added to that file.

The entry is not added to the configuration files. It is displayed in the show commands as a "DHCP Snooping" entry.

An entry added by this command can override an existing dynamic entry.

An entry added by this command cannot override an existing static entry added by the ip source-guard binding command.

Use the no ip dhcp snooping binding command to manually delete a dynamic entry from the DHCP Snooping database.

Dynamic temporary entries whose IP address is 0.0.0.0 cannot be deleted.

Example

The following example adds a binding entry to the DHCP Snooping binding database.

switchxxxxxx# ip dhcp snooping binding 0060.704C.73FF 23 176.10.1.1 te1/0/4 expiry 900

clear ip dhcp snooping database

Use the clear ip dhcp snooping database Privileged EXEC mode command to clear the DHCP Snooping binding database.

Syntax

clear ip dhcp snooping database

Parameters

N/A

Command Mode

Privileged EXEC mode

Example

The following example clears the DHCP Snooping binding database.

switchxxxxxx# clear ip dhcp snooping database

show ip dhcp snooping

Use the show ip dhcp snooping EXEC mode command to display the DHCP snooping configuration for all interfaces or for a specific interface.

Syntax

show ip dhcp snooping [interface-id]

Parameters

  • interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel.

Command Mode

User EXEC mode

Example

The following example displays the DHCP snooping configuration.

switchxxxxxx# show ip dhcp snooping
DHCP snooping is Enabled
DHCP snooping is configured on following VLANs: 21
DHCP snooping database is Enabled
Relay agent Information option 82 is Enabled
Option 82 on untrusted port is allowed
Verification of hwaddr field is Enabled
DHCP snooping file update frequency is configured to: 6666 seconds

Interface    Trusted
-----------  ---------
te1/0/1      Yes
te1/0/2      Yes

show ip dhcp snooping binding

Use the show ip dhcp snooping binding User EXEC mode command to display the DHCP Snooping binding database and configuration information for all interfaces or for a specific interface.

Syntax

show ip dhcp snooping binding [mac-address mac-address] [ip-address ip-address] [vlan vlan-id] [interface-id]

Parameters

  • mac-address mac-address—Specifies a MAC address.
  • ip-address ip-address—Specifies an IP address.
  • vlan vlan-id—Specifies a VLAN ID.
  • interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel.

Command Mode

User EXEC mode

Example

The following example displays the DHCP Snooping binding database and configuration information for all interfaces on a device.

switchxxxxxx# show ip dhcp snooping binding
Update frequency: 1200
Total number of binding: 2

Mac Address       IP Address   Lease(sec)   Type          VLAN   Interface
----------------  -----------  -----------  ------------  -----  ----------
0060.704C.73FF    10.1.8.1     7983         snooping      3      te1/0/1
0060.704C.7BC1    10.1.8.2     92332        snooping(s)   3      te1/0/2

ip source-guard

Use the ip source-guard Global Configuration mode command to enable IP Source Guard globally on the device, or the ip source-guard Interface Configuration (Ethernet, Port-channel) mode command to enable IP Source Guard on an interface.

Use the no form of this command to disable IP Source Guard on the device or on an interface.

Syntax

ip source-guard

no ip source-guard

Parameters

N/A

Default Configuration

IP Source Guard is disabled.

Command Mode

Global Configuration mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

IP Source Guard must be enabled globally before it can be enabled on an interface.

IP Source Guard is active only on DHCP Snooping untrusted interfaces, and only if at least one of the interface's VLANs is DHCP Snooping enabled. On a trusted interface, or on an interface none of whose VLANs is snooped, the feature does not filter traffic.

Example

The following example enables IP Source Guard on te1/0/4.

switchxxxxxx(config)# interface te1/0/4
switchxxxxxx(config-if)# ip source-guard

ip source-guard binding

Use the ip source-guard binding Global Configuration mode command to configure the static IP source bindings on the device. Use the no form of this command to delete the static bindings.

Syntax

ip source-guard binding mac-address vlan-id ip-address interface-id no ip source-guard binding mac-address vlan-id

Parameters

  • mac-address—Specifies a MAC address.
  • vlan-id—Specifies a VLAN number.
  • ip-address—Specifies an IP address.
  • interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel.

Default Configuration

No static binding exists.

Command Mode

Global Configuration mode

User Guidelines

Use the ip source-guard binding command to add a static entry to the DHCP Snooping database.

An entry added by this command overrides an existing entry (dynamic or static) for the same MAC address and VLAN.

Use the no ip source-guard binding command to delete a static entry from the DHCP Snooping database.

Example

The following example configures the static IP source bindings.

switchxxxxxx(config)# ip source-guard binding 0060.704C.73FF 23 176.10.1.1 te1/0/4
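An added Python model of the binding-database semantics described under ip dhcp snooping binding and ip source-guard binding, together with the IP Source Guard filter that those bindings drive. This is example code written for this page, not the switch implementation. It assumes that entries are keyed by (MAC address, VLAN), which is what the no forms of both commands take; that a static entry overrides any entry and is never overridden by a snooping entry; and that the IP filter (the Filter column of show ip source-guard status) permits a packet on an active interface only when a binding for that interface and VLAN matches the packet's source IP, with Deny all otherwise. MAC checking and TCAM capacity are not modelled; the class and function names are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Added example of the DHCP Snooping binding database and IP Source Guard
# filtering; not switch code. Entries are keyed by (MAC, VLAN).


@dataclass(frozen=True)
class Binding:
    mac: str
    vlan: int
    ip: str
    interface: str
    static: bool   # True for 'ip source-guard binding', False for snooping entries


class BindingDatabase:
    def __init__(self) -> None:
        self._entries: Dict[Tuple[str, int], Binding] = {}

    @staticmethod
    def _key(mac: str, vlan: int) -> Tuple[str, int]:
        return mac.lower(), vlan

    def add_snooping(self, mac: str, vlan: int, ip: str, interface: str) -> bool:
        """'ip dhcp snooping binding' or a learned lease: replaces a dynamic
        entry for the same MAC/VLAN but never a static one. Returns False if refused."""
        key = self._key(mac, vlan)
        current = self._entries.get(key)
        if current is not None and current.static:
            return False
        self._entries[key] = Binding(key[0], vlan, ip, interface, static=False)
        return True

    def add_static(self, mac: str, vlan: int, ip: str, interface: str) -> None:
        """'ip source-guard binding': overrides whatever entry exists."""
        key = self._key(mac, vlan)
        self._entries[key] = Binding(key[0], vlan, ip, interface, static=True)

    def remove(self, mac: str, vlan: int, static: bool) -> bool:
        """'no ip dhcp snooping binding' (static=False) or
        'no ip source-guard binding' (static=True); each deletes only its own kind."""
        key = self._key(mac, vlan)
        current = self._entries.get(key)
        if current is None or current.static != static:
            return False
        del self._entries[key]
        return True

    def lookup(self, interface: str, vlan: int, ip: str) -> Optional[Binding]:
        """Binding that permits source IP 'ip' on this interface and VLAN, if any."""
        for b in self._entries.values():
            if b.interface == interface and b.vlan == vlan and b.ip == ip:
                return b
        return None

    def entries(self) -> List[Binding]:
        return list(self._entries.values())


@dataclass
class SourceGuardConfig:
    snooping_vlans: Set[int]          # 'ip dhcp snooping vlan'
    trusted_ports: Set[str]           # 'ip dhcp snooping trust'
    guarded_ports: Set[str]           # 'ip source-guard' on the interface
    globally_enabled: bool = True     # 'ip source-guard' in Global Configuration mode


def source_guard_active(cfg: SourceGuardConfig, interface: str, port_vlans: Set[int]) -> bool:
    """IP Source Guard filters only on untrusted, guarded ports that carry at
    least one DHCP Snooping-enabled VLAN."""
    return (cfg.globally_enabled
            and interface in cfg.guarded_ports
            and interface not in cfg.trusted_ports
            and bool(port_vlans & cfg.snooping_vlans))


def permit_ip_packet(db: BindingDatabase, cfg: SourceGuardConfig, interface: str,
                     port_vlans: Set[int], vlan: int, src_ip: str) -> bool:
    """Decision for an IPv4 packet received on interface/vlan with source src_ip."""
    if not source_guard_active(cfg, interface, port_vlans):
        return True                                          # feature inactive here
    return db.lookup(interface, vlan, src_ip) is not None    # no binding: 'Deny all'


if __name__ == "__main__":
    db = BindingDatabase()                                   # constructed sample data
    db.add_snooping("0060.704C.73FF", 3, "10.1.8.1", "te1/0/1")
    db.add_static("0060.704C.7BC1", 3, "10.1.8.2", "te1/0/2")
    cfg = SourceGuardConfig({3}, {"te1/0/4"}, {"te1/0/1", "te1/0/2", "te1/0/3"})
    print(permit_ip_packet(db, cfg, "te1/0/1", {3}, 3, "10.1.8.1"))   # True
    print(permit_ip_packet(db, cfg, "te1/0/1", {3}, 3, "10.1.8.5"))   # False
```

The important property for an operator is the last branch of permit_ip_packet: a guarded port with no binding denies everything, which is exactly what a statically addressed host on an untrusted port experiences unless an ip source-guard binding is added for it.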

ip source-guard tcam retries-freq

Use the ip source-guard tcam retries-freq Global Configuration mode command to set the frequency of retries for TCAM resources for inactive IP Source Guard addresses. Use the no form of this command to restore the default configuration.

Syntax

ip source-guard tcam retries-freq {seconds | never}

no ip source-guard tcam retries-freq

Parameters

  • seconds—Specifies the retries frequency in seconds. (Range: 10–600)
  • never—Disables automatic searching for TCAM resources.

Default Configuration

The default retries frequency is 60 seconds.

Command Mode

Global Configuration mode

User Guidelines

Since IP Source Guard uses Ternary Content Addressable Memory (TCAM) resources, there may be situations in which IP Source Guard addresses are inactive because of a lack of TCAM resources.

By default, once every minute the software conducts a search for available space in the TCAM for the inactive IP Source Guard addresses. Use this command to change the search frequency or to disable automatic retries for TCAM space.

The ip source-guard tcam locate command manually retries locating TCAM resources for the inactive IP Source Guard addresses.

The show ip source-guard inactive EXEC mode command displays the inactive IP Source Guard addresses.

Example

The following example sets the frequency of retries for TCAM resources to 2 minutes.

switchxxxxxx(config)# ip source-guard tcam retries-freq 120

ip source-guard tcam locate

Use the ip source-guard tcam locate Privileged EXEC mode command to manually retry to locate TCAM resources for inactive IP Source Guard addresses.

Syntax

ip source-guard tcam locate

Parameters

N/A

Command Mode

Privileged EXEC mode

User Guidelines

Since the IP Source Guard uses the Ternary Content Addressable Memory (TCAM) resources, there may be situations when IP Source Guard addresses are inactive because of a lack of TCAM resources.

By default, once every 60 seconds the software conducts a search for available space in the TCAM for the inactive IP Source Guard addresses.

Execute the ip source-guard tcam retries-freq command with the never keyword to disable automatic retries for TCAM space, and then execute this command to manually retry locating TCAM resources for the inactive IP Source Guard addresses.

The show ip source-guard inactive EXEC mode command displays the inactive IP source guard addresses.

Example

The following example manually retries to locate TCAM resources.

switchxxxxxx# ip source-guard tcam locate

show ip source-guard configuration

Use the show ip source-guard configuration EXEC mode command to display the IP source guard configuration for all interfaces or for a specific interface.

Syntax

show ip source-guard configuration [interface-id]

Parameters

  • interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel.

Command Mode

User EXEC mode

Example

The following example displays the IP Source Guard configuration.

switchxxxxxx# show ip source-guard configuration
IP source guard is globally enabled.

Interface    State
-----------  ---------
te1/0/1      Enabled
te1/0/2      Enabled
te1/0/3      Enabled
te1/0/4      Enabled

show ip source-guard status

Use the show ip source-guard status EXEC mode command to display the IP Source Guard status.

Syntax

show ip source-guard status [mac-address mac-address] [ip-address ip-address] [vlan vlan-id] [interface-id]

Parameters

  • mac-address mac-address—Specifies a MAC address.
  • ip-address ip-address—Specifies an IP address.
  • vlan vlan-id—Specifies a VLAN ID.
  • interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel.

Command Mode

User EXEC mode

Example

The following examples display the IP Source Guard status.

switchxxxxxx# show ip source-guard status
IP source guard is globally enabled.

Interface  Filter  Status    IP Address   MAC Address      VLAN  Type
---------  ------  --------  -----------  ---------------  ----  ------
te1/0/1    IP      Active    10.1.8.1     0060.704C.73FF   3     DHCP
te1/0/2    IP      Active    10.1.8.2     0060.704C.7BC1   3     Static
te1/0/3    IP      Active    Deny all
te1/0/4    IP      Inactive               0060.704C.7BC3   4     DHCP

show ip source-guard inactive

Use the show ip source-guard inactive EXEC mode command to display the IP Source Guard inactive addresses.

Syntax

show ip source-guard inactive

Parameters

N/A

Command Mode

User EXEC mode

User Guidelines

Since the IP Source Guard uses the Ternary Content Addressable Memory (TCAM) resources, there may be situations when IP Source Guard addresses are inactive because of a lack of TCAM resources.

By default, once every minute the software conducts a search for available space in the TCAM for the inactive IP Source Guard addresses.

Use the ip source-guard tcam retries-freq command to change the retry frequency or to disable automatic retries for TCAM space.

Use the ip source-guard tcam locate command to manually retry locating TCAM resources for the inactive IP Source Guard addresses.

This command displays the inactive IP source guard addresses.

Example

The following example displays the IP source guard inactive addresses.

switchxxxxxx# show ip source-guard inactive
TCAM resources search frequency: 60 seconds

Interface  Filter  IP Address   MAC Address      VLAN  Type  Reason
---------  ------  -----------  ---------------  ----  ----  ----------------
te1/0/2    IP      10.1.8.32    0060.704C.83FF   3     DHCP  Resource Problem
te1/0/3    IP                                                Trust port
te1/0/4    IP

show ip source-guard statistics

Use the show ip source-guard statistics EXEC mode command to display the Source Guard dynamic information (permitted stations).

Syntax

show ip source-guard statistics [vlan vlan-id]

Parameters

  • vlan vlan-id—Displays the statistics for the specified VLAN only.

Command Mode

User EXEC mode

Example

switchxxxxxx# show ip source-guard statistics
VLAN  Statically Permitted Stations  DHCP Snooping Permitted Stations
----  -----------------------------  --------------------------------
2     2                              3

ip arp inspection

Use the ip arp inspection Global Configuration mode command globally to enable Address Resolution Protocol (ARP) inspection. Use the no form of this command to disable ARP inspection.

Syntax

ip arp inspection

no ip arp inspection

Parameters

N/A

Default Configuration

ARP inspection is disabled.

Command Mode

Global Configuration mode

User Guidelines

If a port is untrusted for ARP inspection, it should also be untrusted for DHCP Snooping, so that the IP-address-to-MAC-address bindings of the hosts behind it are learned, or those bindings should be configured statically for that port. Otherwise no binding exists for the hosts attached to the port, their ARP packets fail inspection and are dropped, and they cannot respond to ARPs.

Example

The following example enables ARP inspection on the device.

switchxxxxxx(config)# ip arp inspection

ip arp inspection vlan

Use the ip arp inspection vlan Global Configuration mode command to enable ARP inspection on a VLAN, based on the DHCP Snooping database. Use the no form of this command to disable ARP inspection on a VLAN.

Syntax

ip arp inspection vlan vlan-id

no ip arp inspection vlan vlan-id

Parameters

  • vlan-id—Specifies the VLAN ID.

Default Configuration

DHCP Snooping based ARP inspection on a VLAN is disabled.

Command Mode

Global Configuration mode

User Guidelines

This command enables ARP inspection on a VLAN based on the DHCP snooping database. Use the ip arp inspection list assign command to enable static ARP inspection.

Example

The following example enables DHCP Snooping based ARP inspection on VLAN 23.

switchxxxxxx(config)# ip arp inspection vlan 23

ip arp inspection trust

Use the ip arp inspection trust Interface Configuration (Ethernet, Port-channel) mode command to configure an interface trust state that determines if incoming Address Resolution Protocol (ARP) packets are inspected. Use the no form of this command to restore the default configuration.

Syntax

ip arp inspection trust

no ip arp inspection trust

Parameters

N/A

Default Configuration

The interface is untrusted.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

The device does not check ARP packets that are received on the trusted interface; it only forwards the packets.

For untrusted interfaces, the device intercepts all ARP requests and responses. It verifies that the intercepted packets have valid IP-to-MAC address bindings before updating the local cache and before forwarding the packet to the appropriate destination. The device drops invalid packets and logs them in the log buffer according to the logging configuration specified with the ip arp inspection logging interval command.

Example

The following example configures te1/0/3 as a trusted interface.

switchxxxxxx(config)# interface te1/0/3
switchxxxxxx(config-if)# ip arp inspection trust

ip arp inspection validate

Use the ip arp inspection validate Global Configuration mode command to perform specific checks for dynamic Address Resolution Protocol (ARP) inspection. Use the no form of this command to restore the default configuration.

Syntax

ip arp inspection validate

no ip arp inspection validate

Parameters

N/A

Default Configuration

ARP inspection validation is disabled.

Command Mode

Global Configuration mode

User Guidelines

The following checks are performed:

  • Source MAC address: Compares the source MAC address in the Ethernet header against the sender MAC address in the ARP body. This check is performed on both ARP requests and responses.
  • Destination MAC address: Compares the destination MAC address in the Ethernet header against the target MAC address in the ARP body. This check is performed for ARP responses.
  • IP addresses: Compares the ARP body for invalid and unexpected IP addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses.

Example

The following example executes ARP inspection validation.

switchxxxxxx(config)# ip arp inspection validate

ip arp inspection list create

Use the ip arp inspection list create Global Configuration mode command to create a static ARP binding list and enter ARP-list Configuration mode. Use the no form of this command to delete the list.

Syntax

ip arp inspection list create name

no ip arp inspection list create name

Parameters

  • name—Specifies the static ARP binding list name. (Length: 1–32 characters).

Default Configuration

No static ARP binding list exists.

Command Mode

Global Configuration mode

User Guidelines

Use the ip arp inspection list assign command to assign the list to a VLAN.

Example

The following example creates the static ARP binding list ‘servers’ and enters the ARP list configuration mode.

switchxxxxxx(config)# ip arp inspection list create servers

ip mac

Use the ip mac ARP-list Configuration mode command to create a static ARP binding. Use the no form of this command to delete a static ARP binding.

Syntax

ip ip-address mac mac-address

no ip ip-address mac mac-address

Parameters

  • ip-address—Specifies the IP address to be entered to the list.
  • mac-address—Specifies the MAC address associated with the IP address.

Default Configuration

No static ARP binding is defined.

Command Mode

ARP-list Configuration mode

Example

The following example creates a static ARP binding.

switchxxxxxx(config)# ip arp inspection list create servers
switchxxxxxx(config-arp-list)# ip 172.16.1.1 mac 0060.704C.7321
switchxxxxxx(config-arp-list)# ip 172.16.1.2 mac 0060.704C.7322

ip arp inspection list assign

Use the ip arp inspection list assign Global Configuration mode command to assign a static ARP binding list to a VLAN. Use the no form of this command to delete the assignment.

Syntax

ip arp inspection list assign vlan-id name

no ip arp inspection list assign vlan-id

Parameters

  • vlan-id—Specifies the VLAN ID.
  • name—Specifies the static ARP binding list name.

Default Configuration

No static ARP binding list assignment exists.

Command Mode

Global Configuration mode

Example

The following example assigns the static ARP binding list servers to VLAN 37.

switchxxxxxx(config)# ip arp inspection list assign 37 servers

ip arp inspection logging interval

Use the ip arp inspection logging interval Global Configuration mode command to set the minimum time interval between successive ARP SYSLOG messages. Use the no form of this command to restore the default configuration.

Syntax

ip arp inspection logging interval {seconds | infinite}

no ip arp inspection logging interval

Parameters

  • seconds—Specifies the minimum time interval between successive ARP SYSLOG messages. A 0 value means that a system message is immediately generated. (Range: 0–86400)
  • infinite—Specifies that SYSLOG messages are not generated.

Default Configuration

The default minimum ARP SYSLOG message logging time interval is 5 seconds.

Command Mode

Global Configuration mode

Example

The following example sets the minimum ARP SYSLOG message logging time interval to 60 seconds.

switchxxxxxx(config)# ip arp inspection logging interval 60
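An added Python model of Dynamic ARP Inspection as configured by the ip arp inspection commands above (vlan, trust, validate, the static list built with ip mac, list assign and the logging interval). This is example code written for this page, not the switch implementation. It builds constructed ARP frames, applies the three validate checks in the order the page lists them, then checks the sender IP-to-MAC pair against the VLAN's DHCP Snooping bindings or its assigned static list, and rate-limits log messages to one per logging interval. Checking the target IP only in responses, counting header-validation failures in the IP/MAC Failures column, and all class and function names are assumptions made for the example.

```python
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Added example of Dynamic ARP Inspection; constructed frames, not captures.
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def mac_bytes(dotted: str) -> bytes:
    """'0060.704C.7321' -> 6 raw bytes."""
    return bytes.fromhex(dotted.replace(".", ""))


def build_arp(eth_src: str, eth_dst: str, oper: int,
              sha: str, spa: str, tha: str, tpa: str) -> bytes:
    body = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), ipaddress.IPv4Address(spa).packed,
                       mac_bytes(tha), ipaddress.IPv4Address(tpa).packed)
    return mac_bytes(eth_dst) + mac_bytes(eth_src) + b"\x08\x06" + body


@dataclass
class Arp:
    eth_src: bytes
    eth_dst: bytes
    oper: int
    sha: bytes
    spa: str
    tha: bytes
    tpa: str


def parse_arp(frame: bytes) -> Arp:
    if frame[12:14] != b"\x08\x06":
        raise ValueError("not ARP")
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return Arp(frame[6:12], frame[0:6], oper, sha,
               str(ipaddress.IPv4Address(spa)), tha, str(ipaddress.IPv4Address(tpa)))


def _bad_ip(ip: str) -> bool:
    return ip in ("0.0.0.0", "255.255.255.255") or ipaddress.IPv4Address(ip).is_multicast


def validate_headers(a: Arp) -> Optional[str]:
    """The extra checks enabled by 'ip arp inspection validate'; None if they pass."""
    if a.eth_src != a.sha:                               # requests and responses
        return "src-mac"
    if a.oper == ARP_REPLY and a.eth_dst != a.tha:       # responses only
        return "dst-mac"
    if _bad_ip(a.spa) or (a.oper == ARP_REPLY and _bad_ip(a.tpa)):
        return "ip"
    return None


@dataclass
class VlanStats:           # the columns of 'show ip arp inspection statistics'
    forwarded: int = 0
    dropped: int = 0
    ip_mac_failures: int = 0


@dataclass
class ArpInspector:
    inspected_vlans: Set[int]                                  # ip arp inspection vlan
    trusted_ports: Set[str] = field(default_factory=set)       # ip arp inspection trust
    validate: bool = False                                     # ip arp inspection validate
    snooping_bindings: Dict[Tuple[int, str], bytes] = field(default_factory=dict)  # (vlan, ip) -> mac
    static_lists: Dict[str, Dict[str, bytes]] = field(default_factory=dict)        # list name -> {ip: mac}
    list_assignments: Dict[int, str] = field(default_factory=dict)                 # vlan -> list name
    log_interval: Optional[int] = 5                            # seconds; None means 'infinite'
    stats: Dict[int, VlanStats] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)
    _last_log: Optional[float] = None

    def add_list_entry(self, name: str, ip: str, mac: str) -> None:
        """'ip arp inspection list create NAME' followed by 'ip IP mac MAC'."""
        self.static_lists.setdefault(name, {})[ip] = mac_bytes(mac)

    def binding_matches(self, vlan: int, ip: str, mac: bytes) -> bool:
        if self.snooping_bindings.get((vlan, ip)) == mac:
            return True
        lst = self.static_lists.get(self.list_assignments.get(vlan, ""), {})
        return lst.get(ip) == mac

    def _maybe_log(self, now: float, msg: str) -> None:
        if self.log_interval is None:                          # 'logging interval infinite'
            return
        if self._last_log is None or now - self._last_log >= self.log_interval:
            self.log.append(msg)
            self._last_log = now

    def inspect(self, frame: bytes, port: str, vlan: int, now: float = 0.0) -> str:
        """Return 'forward' or 'drop: <reason>' for an ARP frame on port/vlan."""
        if vlan not in self.inspected_vlans or port in self.trusted_ports:
            return "forward"                                   # not inspected at all
        st = self.stats.setdefault(vlan, VlanStats())
        a = parse_arp(frame)
        reason = validate_headers(a) if self.validate else None
        if reason is not None:
            st.ip_mac_failures += 1
        elif not self.binding_matches(vlan, a.spa, a.sha):
            reason = "binding"                                 # sender pair not in any binding
        if reason is None:
            st.forwarded += 1
            return "forward"
        st.dropped += 1
        self._maybe_log(now, f"ARP drop on {port} vlan {vlan}: {reason} {a.spa}")
        return f"drop: {reason}"
```

Note the order: header validation runs before the binding lookup, so a frame whose Ethernet source differs from its ARP sender MAC is dropped even when the sender pair itself is legitimate, which is what makes the validate checks worth enabling alongside the binding check.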

show ip arp inspection

Use the show ip arp inspection EXEC mode command to display the ARP inspection configuration for all interfaces or for a specific interface.

Syntax

show ip arp inspection [interface-id]

Parameters

  • interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel.

Command Mode

User EXEC mode

Example

The following example displays the ARP inspection configuration.

switchxxxxxx# show ip arp inspection
IP ARP inspection is Enabled
IP ARP inspection is configured on following VLANs: 1
Verification of packet header is Enabled
IP ARP inspection logging interval is: 222 seconds

Interface    Trusted
-----------  ---------
te1/0/1      Yes
te1/0/2      Yes

show ip arp inspection list

Use the show ip arp inspection list Privileged EXEC mode command to display the static ARP binding list.

Syntax

show ip arp inspection list

Parameters

N/A

Command Mode

Privileged EXEC mode

Example

The following example displays the static ARP binding list.

switchxxxxxx# show ip arp inspection list
List name: servers
Assigned to VLANs: 1,2

IP            ARP
-----------   --------------
172.16.1.1    0060.704C.7322
172.16.1.2    0060.704C.7322

show ip arp inspection statistics

Use the show ip arp inspection statistics User EXEC mode command to display, per VLAN, the number of packets this feature has Forwarded, the number Dropped, and the number that failed IP/MAC validation.

Syntax

show ip arp inspection statistics [vlan vlan-id]

Parameters

  • vlan-id—Specifies VLAN ID.

Command Mode

User EXEC mode

User Guidelines

To clear ARP Inspection counters use the clear ip arp inspection statistics command. Counters values are kept when disabling the ARP Inspection feature.

Example

switchxxxxxx# show ip arp inspection statistics
Vlan  Forwarded Packets  Dropped Packets  IP/MAC Failures
----  -----------------  ---------------  ---------------
2     1500               100              80

clear ip arp inspection statistics

Use the clear ip arp inspection statistics Privileged EXEC mode command to clear ARP Inspection statistics globally or for a specified VLAN.

Syntax

clear ip arp inspection statistics [vlan vlan-id]

Parameters

  • vlan-id—Specifies VLAN ID.

Command Mode

Privileged EXEC mode

Example

switchxxxxxx# clear ip arp inspection statistics
