New Member

DAI inspection - Rate limit

Hey All,

I've implemented layer 2 security for DAI and DHCP snooping etc.

I've set the following interface command for packets per second.

"ip arp inspection limit rate 100"

But I noticed printers go over the 100 now and then, and the port goes into err-disable.

So questions,

Is 100 an appropriate value? I've never had any user ports have issues as of yet.

Is there a way to make the limit rate unlimited for specified MAC addresses, as the printers can move around?

Many Thanks,

Alan

2 REPLIES
VIP Super Bronze

Re: DAI inspection - Rate limit

Hi Alan,

The values for rate limit are between 1 and 2048 pps. You may want to raise it to a larger number and see if the printers work correctly.

For an untrusted interface the default is 15 pps, and for a trusted interface it is unlimited.

Here is the command reference guide:

http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_arp.html#wp1012378

HTH

Reza
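
One way to pick a value instead of raising it by trial and error, as an added example that is not part of the original thread or of any Cisco tooling: measure the peak ARP rate per port from captured packet timestamps and size the limit from the worst case. The function names, the 1.5x headroom, the one-second sliding window and the sample data are assumptions made for illustration.

```python
import math

DAI_MIN_PPS, DAI_MAX_PPS = 1, 2048  # configurable range quoted in the reply
WINDOW_MS = 1000                    # assumption: rate judged per one-second window

def peak_pps(timestamps_ms):
    """Largest number of ARP packets inside any sliding one-second window."""
    ts = sorted(timestamps_ms)
    peak = start = 0
    for end, t in enumerate(ts):
        # Drop packets that are a full window or more older than the current one.
        while t - ts[start] >= WINDOW_MS:
            start += 1
        peak = max(peak, end - start + 1)
    return peak

def would_err_disable(timestamps_ms, limit_pps):
    """Assumption: the port trips as soon as one window holds more than the limit."""
    return peak_pps(timestamps_ms) > limit_pps

def suggest_limit(ports, headroom=1.5):
    """Worst observed peak across ports times headroom, clamped to the valid range."""
    worst = max((peak_pps(ts) for ts in ports.values()), default=0)
    return min(max(math.ceil(worst * headroom), DAI_MIN_PPS), DAI_MAX_PPS)

# Constructed sample data (millisecond offsets), not a real capture:
# a printer with a slow background rate plus one burst of 120 ARPs, and a user port.
SAMPLE = {
    "printer": [i * 500 for i in range(20)] + [10_000 + i * 5 for i in range(120)],
    "user": [i * 200 for i in range(50)],
}

if __name__ == "__main__":
    for name, ts in SAMPLE.items():
        print(name, "peak:", peak_pps(ts), "trips at 100:", would_err_disable(ts, 100))
    print("suggested limit:", suggest_limit(SAMPLE))
```

The suggested number is what would go into `ip arp inspection limit rate` on the affected access ports; a peak far above normal printer behaviour is worth investigating before the limit is raised to accommodate it.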

New Member

Re: DAI inspection - Rate limit

Thanks, I've already read through the guide and know the default values.

Raising it to a larger value does make it work. But I was just wondering if there is a way to set up an access list or something, so it still works when the printer moves to a new port?

i.e. there is an ARP access-list for devices with static IPs.

Maybe this is not possible.

A
