ip
Supported on the following devices:
- Access Points:
AP3000/X, AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP7602, AP7612, AP7622, AP7632,
AP7662, AP8163, AP8533.
- Service Platforms:
NX5500, NX7500, NX9500, NX9600
- Virtual Platforms: CX9000, VX9000
ip [arp [header-mismatch-validation|trust]|dhcp trust]
Parameters
ip [arp [header-mismatch-validation|trust]|dhcp trust]
arp
[header-mismatch-validation| trust] |
Configures ARP
packet settings
- header-mismatch-validation
– Enables matching of source MAC address in the ARP and Ethernet
headers to check for mismatch. This option is disabled by
default.
- trust – Enables trust
state for ARP responses on this interface. When enabled, ARP packets
received on this port are considered trusted and information from
these packets is used to identify rogue devices within the network.
This option is disabled by default.
|
dhcp
trust |
Enables trust
state for DHCP responses on this interface. When enabled, only DHCP
responses are trusted and forwarded on this port, and a DHCP server can be
connected only to a DHCP trusted port. This option is enabled by
default. |
Example
nx9500-6C8809(config-profile-testnx5500-if-ge1)#ip dhcp trust
nx9500-6C8809(config-profile-testnx5500-if-ge1)#ip arp header-mismatch-validation
nx9500-6C8809(config-profile-testnx5500-if-ge1)#show context
interface ge1
description "This is GigabitEthernet interface for Royal King"
duplex full
dot1x supplicant username Bob password 0 test@123
ip dhcp trust
ip arp header-mismatch-validation
qos trust dscp
qos trust 802.1p
channel-group 1
nx9500-6C8809(config-profile-testnx5500-if-ge1)#
Related Commands
no |
Removes the ARP and DHCP components configured for this interface |