Cisco Support Community
New Member

DAI - arp limit

Hello,

One question: what is the best practice in limiting the number of ARP frames when using Dynamic ARP Inspection?

15 is the default for untrusted interfaces, but is it enough in a normal environment? I know that it depends on the network, but if someone could just share his experience I'll be grateful.

I have an environment where some stations generate a bit too much ARP traffic, and of course printers (dunno, but even 60 in a 1 s period).

Is the default value considered optimal?

regards

3 REPLIES
VIP Super Bronze

DAI - arp limit

Hi,

In most cases 15 (default) is more than enough. This means a host can talk to 15 different hosts per second.

Here is the command reference guide:

http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_arp.html#wp1012378

HTH

New Member

DAI - arp limit

Hi Reza,

thx for reply,

For me it's obvious that in a normal case one station shouldn't generate more than 15 ARPs in 1 second, but what about corporate networks? Have you experienced during implementation that there are some scripts i.e. in AD that can imply such a behaviour? Or maybe shared printers?

regards

Przemek

DAI - arp limit

One thing that could generate this kind of ARP traffic is the use of proxy ARP and a misconfigured netmask.
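
One way to answer the sizing question with data rather than guesswork, as an added example that is not part of the original thread: count ARP packets per ingress port over a capture and compare each port's busiest second against the DAI limit before enforcing it. The port names and timestamps are constructed, and the one-second sliding window is an assumption about how to measure, not a statement of how the switch counts.

```python
from collections import defaultdict

DAI_DEFAULT_PPS = 15  # default limit on untrusted interfaces, per the thread

def peak_arp_rate(events, window=1.0):
    """Return {port: max ARP packets seen in any sliding `window` seconds}."""
    by_port = defaultdict(list)
    for ts, port in events:
        by_port[port].append(ts)
    peaks = {}
    for port, stamps in by_port.items():
        stamps.sort()
        start = 0
        best = 0
        for end, ts in enumerate(stamps):
            # Advance the left edge until the window spans less than `window` s
            while ts - stamps[start] >= window:
                start += 1
            best = max(best, end - start + 1)
        peaks[port] = best
    return peaks

def ports_over_limit(events, limit=DAI_DEFAULT_PPS):
    """Ports whose busiest second exceeds `limit`, mapped to that peak."""
    return {p: n for p, n in peak_arp_rate(events).items() if n > limit}

def sample_events():
    """Constructed sample: one (seconds, ingress port) tuple per ARP packet."""
    events = []
    # Workstation: 5 ARPs spread over 5 seconds
    events += [(float(i), "Gi1/0/1") for i in range(5)]
    # Printer: 60 ARPs inside one second (the case raised in the question)
    events += [(10.0 + i / 100.0, "Gi1/0/2") for i in range(60)]
    # Host resolving 15 neighbours in one second: exactly at the default
    events += [(20.0 + i / 20.0, "Gi1/0/3") for i in range(15)]
    return events

if __name__ == "__main__":
    for port, peak in sorted(peak_arp_rate(sample_events()).items()):
        verdict = "exceeds" if peak > DAI_DEFAULT_PPS else "within"
        print(f"{port}: peak {peak} ARP/s, {verdict} limit {DAI_DEFAULT_PPS}")
```

Ports that show up in `ports_over_limit` are the ones to investigate or give a higher per-interface limit before DAI rate limiting is turned on.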
