04-08-2010 06:40 PM - edited 03-06-2019 10:32 AM
Hey All,
I've implemented layer 2 security for DAI and DHCP snooping, etc.
I've set the following interface command for packets per second.
"ip arp inspection limit rate 100"
But I noticed printers go over the 100 now and then, and the port goes into err-disable.
So questions,
Is 100 an appropriate value? I've never had any user ports have issues as of yet.
Is there a way to make limit rate unlimited for specified MAC addresses, as the printers can move around?
Many Thanks,
Alan
04-08-2010 07:28 PM
Hi Alan,
The values for rate limit are between 1 and 2048 pps. You may want to raise it to a larger number and see if the printers work correctly.
For an untrusted interface the default is 15 pps, and for a trusted interface it is unlimited.
Here is the command reference guide:
http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_arp.html#wp1012378
HTH
Reza
04-08-2010 08:34 PM
Thanks, I've already read through the guide and know the default values.
Raising to a larger value does make it work. But I was just wondering if there is a way to set up an access list or something, so it still works when the printer moves to a new port?
i.e. there is an arp access-list for devices with static IPs.
Maybe this is not possible.
A