Catalyst 6500 Series Switch Command Reference—Release 7.6
78-15328-01
Chapter 2 Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl arp-inspection
To configure Address Resolution Protocol (ARP) inspection features, use the set security acl
arp-inspection command.
set security acl arp-inspection {match-mac | address-validation} {enable | [drop [log]] | disable}
Syntax Description
match-mac           Specifies the MAC address matching feature.
address-validation  Specifies the address validation feature.
enable              Enables the specified ARP inspection feature.
drop                (Optional) Indicates to drop packets.
log                 (Optional) Enables logging.
disable             Disables the specified ARP inspection feature.
Defaults The MAC address matching feature and the address validation feature are disabled.
Command Types Switch command.
Command Modes Privileged.
Usage Guidelines When you enter the set security acl arp-inspection match-mac enable command, the system drops
packets in which the source Ethernet address in the Ethernet header is not the same as the source MAC
address in the ARP header.
When you enter the set security acl arp-inspection address-validation enable command, the system
drops packets that have illegal IP or MAC addresses.
The following IP addresses are illegal:
  0.0.0.0
  255.255.255.255
  Class D multicast IP addresses
The following MAC addresses are illegal:
  00-00-00-00-00-00
  Multicast MAC addresses
  ff-ff-ff-ff-ff-ff
Note If you do not enter the drop keyword, the system only generates a syslog message.
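The match-mac and address-validation checks described in the usage guidelines, written out as an added Python example for testing captures or lab frames offline (this is not Cisco code). The function names and sample frames are constructed for illustration, and because the page does not say which header fields address validation examines, the example assumes the Ethernet source, the ARP sender MAC, and the ARP sender and target IP addresses.

```python
import ipaddress
import struct

ZERO_MAC, BROADCAST_MAC = bytes(6), b"\xff" * 6
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def illegal_mac(mac: bytes) -> bool:
    """00-00-00-00-00-00, ff-ff-ff-ff-ff-ff, or multicast (group bit set)."""
    return mac in (ZERO_MAC, BROADCAST_MAC) or bool(mac[0] & 0x01)


def illegal_ip(ip: bytes) -> bool:
    """0.0.0.0, 255.255.255.255, or Class D multicast (224.0.0.0/4)."""
    addr = ipaddress.IPv4Address(ip)
    return int(addr) in (0, 0xFFFFFFFF) or addr.is_multicast


def inspect_arp(frame: bytes) -> list:
    """Return the violations found in one Ethernet II frame carrying IPv4 ARP."""
    if len(frame) < 42:
        return ["truncated"]
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return ["not-arp"]
    _h, _p, hlen, plen, _op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (hlen, plen) != (6, 4):
        return ["unsupported-arp"]
    found = []
    if eth_src != sha:  # match-mac: Ethernet source must equal ARP sender MAC
        found.append("match-mac")
    # address-validation: the set of fields tested here is an assumption
    if illegal_mac(eth_src) or illegal_mac(sha):
        found.append("illegal-mac")
    if illegal_ip(spa) or illegal_ip(tpa):
        found.append("illegal-ip")
    return found


def build_arp(eth_src, sha, spa, tpa, oper=1):
    """Constructed sample: broadcast Ethernet frame with the given ARP fields."""
    return (struct.pack("!6s6sH", BROADCAST_MAC, eth_src, 0x0806)
            + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, ZERO_MAC, tpa))


HOST, OTHER = bytes.fromhex("0010a4112233"), bytes.fromhex("0010a4445566")  # constructed
SAMPLES = {  # constructed frames, not captured traffic
    "clean": build_arp(HOST, HOST, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1])),
    "spoofed-sender": build_arp(HOST, OTHER, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 9]), 2),
    "bad-addresses": build_arp(BROADCAST_MAC, BROADCAST_MAC, bytes([224, 0, 0, 1]), bytes([10, 0, 0, 1])),
}
print({name: inspect_arp(frame) for name, frame in SAMPLES.items()})
```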