ARP Inspection Commands
ip arp inspection trust
SPS208G/SPS224G4/SPS2024 Command Line Interface Reference Guide 66
4
ip arp inspection trust
The ip arp inspection trust Interface Configuration (Ethernet, Port-channel) mode
command configures an interface trust state that determines if incoming Address
Resolution Protocol (ARP) packets are inspected. To return to the default
configuration, use the no form of this command.
Syntax
ip arp inspection trust
no ip arp inspection trust
Default Configuration
The interface is untrusted.
Command Mode
Interface Configuration (Ethernet, Port-channel) mode.
User Guidelines
The switch does not check ARP packets, which are received on the trusted
interface; it simply forwards the packets.
For untrusted interfaces, the switch intercepts all ARP requests and responses. It
verifies that the intercepted packets have valid IP-to-MAC address bindings
before updating the local cache and before forwarding the packet to the
appropriate destination. The switch drops invalid packets and logs them in the log
buffer according to the logging configuration specified with the ip arp inspection
log-buffer vlan Global Configuration mode command.
Example
The following example configures an interface trust state that determines if
incoming Address Resolution Protocol (ARP) packets are inspected.
Console(config)# interface ethernet 1
Console(config-if)# ip arp inspection trust