disable ip-security arp learning learn-from-arp

disable ip-security arp learning learn-from-arp [dynamic | {vlan} vlan_name] ports [all | ports]

Description

Disables ARP learning on the specified VLAN and member ports.

Syntax Description

vlan_name Specifies the name of the VLAN to which this rule applies.
dynamic Configuration options for dynamically created VLANs.
all Specifies all ingress ports.
ports Specifies one or more ingress ports.

Default

By default, ARP learning is enabled.

Usage Guidelines

You can disable ARP learning so that the only entries in the ARP table are either manually added or those created by DHCP secured ARP; the switch does not add entries by tracking ARP requests and replies. By disabling ARP learning and adding a permanent entry or configuring DHCP secured ARP, you can centrally manage and allocate client IP addresses and prevent duplicate IP addresses from interrupting network operation.

To manually add a permanent entry to the ARP table, use the following command:

configure iparp add ip_addr {vrvr_name} mac

To configure DHCP secure ARP as a method to add entries to the ARP table, use the following command:

enable ip-security arp learning learn-from-dhcp vlan vlan_name ports [all | ports] {poll-interval interval_in_seconds} {retries number_of_retries}

Displaying ARP Information

To display how the switch builds an ARP table and learns MAC addresses for devices on a specific VLAN and associated member ports, use the following command:

show ip-security arp learning {vlan} vlan_name

To view the ARP table, including permanent and DHCP secured ARP entries, use the following command:

show iparp {ip_address | mac | vlanvlan_name | permanent} {vrvr_name}
Note

Note

DHCP secured ARP entries are stored as static entries in the ARP table.

Example

The following command disables ARP learning on port 1:1 of the VLAN learn:

disable ip-security arp learning learn-from-arp vlan learn ports 1:1

History

This command was first available in ExtremeXOS 11.6.

Dynamic VLAN option was added in ExtremeXOS 30.2.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.