Administrator Guide
Layer 2 Switching Commands 381
Default Configuration
Interfaces are configured as untrusted by default.
Command Mode
Interface Configuration (gigabitethernet, port-channel, tengigabitethernet,
fortygigabitethernet) mode
User Guidelines
There are no user guidelines for this command.
Example
console(config-if-Gi1/0/3)#ip arp inspection trust
ip arp inspection validate
Use the ip arp inspection validate command to enable additional validation
checks like source MAC address validation, destination MAC address
validation or IP address validation on the received ARP packets. Each
command overrides the configuration of the previous command. For
example, if a command enables source MAC address and destination MAC
address validations and a second command enables IP address validation only,
the source MAC address and destination MAC address validations are
disabled as a result of the second command. Use the “no” form of this
command to disable additional validation checks.
Syntax
ip arp inspection validate {[src-mac] [dst-mac] [ip]}
no ip arp inspection validate {[src-mac] [dst-mac] [ip]}
• src-mac
—
For validating the source MAC address of an ARP packet.
• dst-mac
—
For validating the destination MAC address of an ARP packet.
• ip
—
For validating the IP address of an ARP packet.
Default Configuration
There is no additional validation enabled by default.