
DAI - arp limit

hello

One question: what is the best practice for limiting the number of ARP frames when using Dynamic ARP Inspection?

15 is the default for untrusted interfaces, but is it enough in a normal environment? I know that it depends on the network, but if someone could just share his experience I'll be grateful.

I have an environment where some stations generate a bit too much ARP traffic, and of course printers (dunno, but even 60 in a 1 s period).

Is the default value considered optimal?

regards


Reza Sharifi

Hi,

In most cases 15 (default) is more than enough. This means a host can talk to 15 different hosts per second.

Here is the command reference guide:

http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_arp.html#wp1012378

HTH

Hi Reza,

thx for reply,

For me it's obvious that in the normal case one station shouldn't generate more than 15 ARPs in 1 second, but what about corporate networks? Have you experienced during implementation that there are some scripts, i.e. in AD, that can imply such a behaviour? Or maybe shared printers?

regards

Przemek

One thing that could generate this kind of ARP traffic is the use of proxy ARP and a misconfigured netmask.
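
One way to check whether the default of 15 fits a given network before enforcing it, as an added example that is not part of the original thread: count ARP frames per access port per second from a capture and flag ports that would exceed the limit. The port names and sample events are constructed, and the trip model (more than `rate` ARP frames in each of `burst` consecutive seconds) is an assumption about how the limit and its burst interval behave.

```python
from collections import defaultdict

def per_second_counts(events):
    """events: iterable of (timestamp_seconds, port) for each ARP frame seen.
    Returns {port: {whole_second: frame_count}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, port in events:
        counts[port][int(ts)] += 1
    return counts

def would_trip(counts_by_second, rate=15, burst=1):
    """Assumed model: the port trips when the ARP count exceeds `rate`
    in `burst` consecutive one-second buckets."""
    run, prev = 0, None
    for sec in sorted(counts_by_second):
        if counts_by_second[sec] > rate:
            # extend the run only if this second directly follows the last hot one
            run = run + 1 if prev is not None and sec == prev + 1 else 1
            if run >= burst:
                return True
            prev = sec
        else:
            run, prev = 0, None
    return False

def report(events, rate=15, burst=1):
    """Per-port peak ARP rate and whether the given limit would be exceeded."""
    out = {}
    for port, secs in per_second_counts(events).items():
        out[port] = {
            "peak_pps": max(secs.values()),
            "would_err_disable": would_trip(secs, rate, burst),
        }
    return out

# Constructed sample: a workstation sending 4 ARPs/s for 3 s, and a printer
# sending 60 ARPs within a single second (the figure mentioned in the question).
SAMPLE = (
    [(t + i / 100, "Gi1/0/5") for t in range(3) for i in range(4)]
    + [(10 + i / 100, "Gi1/0/9") for i in range(60)]
)

if __name__ == "__main__":
    for port, stats in sorted(report(SAMPLE).items()):
        print(port, stats)
```

Ports whose peak sits well above the limit under normal operation are candidates for a higher per-interface rate or a longer burst interval, rather than raising the limit everywhere.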
