enable ip-security arp learning learn-from-arp

enable ip-security arp learning learn-from-arp {vlan} vlan_name ports [all | ports]


Enables ARP learning for the specified VLAN (Virtual LAN) and member ports.

Syntax Description

vlan_name Specifies the name of the VLAN to which this rule applies.
all Specifies all ingress ports.
ports Specifies one or more ingress ports.


By default, ARP learning is enabled.

Usage Guidelines

ARP is part of the TCP/IP suite used to associate a device‘s physical address (MAC address) with its logical address (IP address). The switch broadcasts an ARP request that contains the IP address, and the device with that IP address sends back its MAC address so that traffic can be transmitted across the network. The switch maintains an ARP table (also known as an ARP cache) that displays each MAC address and its corresponding IP address.

By default, the switch builds its ARP table by tracking ARP requests and replies, which is known as ARP learning.

Displaying ARP Information

To display how the switch builds an ARP table and learns MAC addresses for devices on a specific VLAN and associated member ports, use the following command:

show ip-security arp learning {vlan} vlan_name

To view the ARP table, including permanent and DHCP (Dynamic Host Configuration Protocol) secured ARP entries, use the following command:

show iparp {ip_addre |mac | vlanvlan_name | permanent} {vrvr_name}


The following command enables ARP learning on port 1:1 of the VLAN learn:

enable ip-security arp learning learn-from-arp vlan learn ports 1:1


This command was first available in ExtremeXOS 11.6.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.