[c-nsp] DAI errdisable mandatory?

David Freedman david.freedman at uk.clara.net
Tue May 21 19:41:14 EDT 2013


Greetings all, 

When "ip arp inspection limit rate" on an untrusted (inspected) port on
the 6500 platform is exceeded, does the port have to be errdisabled to
give protection?  if it isn't, can't the box just drop the ARP frame and
not inspect it to save processing? or is errdisabling the only alternative
it has to stop things?

I'd be interested to know, as I'd like to turn this off, I'd rather stop
listening to ARP than drop the port.

Thanks in advance for anybody who knows or can link to good documentation
on the subject, I can't find any.

Dave. 




More information about the cisco-nsp mailing list