ip arp inspection trust

Configures an interface as trusted for all VLANs configured on it.

Syntax

ip arp inspection trust
no ip arp inspection trust

Command Default

The interface is untrusted.

Modes

Interface subtype configuration mode

Usage Guidelines

This command is supported only on Layer 2 physical or port-channel interfaces.

On trusted interfaces, all incoming ARP packets are accepted.

On untrusted interfaces of DAI-enabled VLANs, incoming ARP packets from permitted IP/MAC address pairs are accepted only if all of the following steps have been performed:
  • Create the ACL, using the arp access-list command.
  • In the ACL, create one or more rules, using the permit ip host command. Each rule specifies an IP/MAC address-pair.
  • Apply the ACL to one or more VLANs, using the ip arp inspection filter command.
  • Enable DAI on such VLANs, using the ip arp inspection command.

The no form of this command configures the interface as untrusted.

Examples

The following example configures an Ethernet interface as trusted.

device# configure terminal
device(conf)# interface ethernet 2/1
device(conf-if-eth-2/1)# ip arp inspection trust

The following example configures a port-channel interface as untrusted.

device# configure terminal
device(conf)# interface port-channel 171
device(config-Port-channel-171)# no ip arp inspection trust
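
The acceptance rules from the Usage Guidelines can be traced with the following Python model, which is an added example and not code from the device or its vendor. The class, the ACL name ACL_HOSTS, the VLAN IDs and the IP/MAC values are constructed; the model covers only the ARP ACL path described on this page and assumes that VLANs without DAI enabled are not inspected.

```python
from dataclasses import dataclass, field

@dataclass
class DaiModel:
    """Toy model of the DAI state the four commands build (not device code)."""
    trusted: set = field(default_factory=set)     # ip arp inspection trust
    acls: dict = field(default_factory=dict)      # arp access-list / permit ip host
    filters: dict = field(default_factory=dict)   # ip arp inspection filter (VLAN -> ACL)
    dai_vlans: set = field(default_factory=set)   # ip arp inspection (per VLAN)

    def inspect(self, port, vlan, sender_ip, sender_mac):
        """Return (verdict, reason) for one incoming ARP packet."""
        if port in self.trusted:
            return "accept", "trusted interface, not inspected"
        if vlan not in self.dai_vlans:
            # Assumption: VLANs without DAI are not inspected at all.
            return "accept", "DAI not enabled on VLAN"
        permitted = self.acls.get(self.filters.get(vlan), set())
        if (sender_ip, sender_mac.lower()) in permitted:
            return "accept", "permitted IP/MAC pair"
        return "drop", "no matching permit rule on this VLAN"


def build_constructed_switch():
    sw = DaiModel()
    sw.acls["ACL_HOSTS"] = {("192.0.2.10", "0000.5e00.5310")}  # constructed pair
    sw.filters[100] = "ACL_HOSTS"       # filter applied to VLAN 100 only
    sw.dai_vlans.update({100, 200})     # VLAN 200: DAI on, filter step skipped
    sw.trusted.add("ethernet 2/1")      # the trusted port from the example above
    return sw


if __name__ == "__main__":
    sw = build_constructed_switch()
    good = ("192.0.2.10", "0000.5e00.5310")
    spoof = ("192.0.2.10", "0000.5e00.53ff")   # right IP, wrong MAC
    cases = [("ethernet 2/2", 100, *good), ("ethernet 2/2", 100, *spoof),
             ("ethernet 2/2", 200, *good), ("ethernet 2/1", 100, *spoof)]
    for case in cases:
        print(case, "->", sw.inspect(*case))
```

The third case is dropped even though the pair is legitimate, because the filter step was skipped for VLAN 200. The fourth is accepted with a mismatched MAC because trusted interfaces bypass inspection.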