[c-nsp] DAI errdisable mandatory?

Gabor Ivanszky gaborivanszky at gmail.com
Wed May 22 14:14:13 EDT 2013


Hi,

you might consider using "mls qos protocol arp".

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_553261.html

regards,
Gabor

On Wed, May 22, 2013 at 1:41 AM, David Freedman
<david.freedman at uk.clara.net> wrote:
> Greetings all,
>
> When "ip arp inspection limit rate" on an untrusted (inspected) port on
> the 6500 platform is exceeded, does the port have to be errdisabled to
> give protection?  if it isn't, can't the box just drop the ARP frame and
> not inspect it to save processing? or is errdisabling the only alternative
> it has to stop things?
>
> I'd be interested to know, as I'd like to turn this off, I'd rather stop
> listening to ARP than drop the port.
>
> Thanks in advance for anybody who knows or can link to good documentation
> on the subject, I can't find any.
>
> Dave.
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list