The set protocols arp inspection vlan access-list command applies an ARP inspection access list to a VLAN.
set protocols arp inspection vlan <vlan-id> access-list <acl-name>
Specifies a VLAN ID. The value is an integer that ranges from 1 to 4094.
Specifies an access list name. The value is a string.
A VLAN can be configured with multiple access-lists, and the system will check through the access-lists of the VLAN to match an ARP entry upon receiving an ARP packet. If no ARP entry is matched, the ARP packet will be dropped.
Configure the access-list first and then apply to a VLAN, otherwise it will prompt access-list does not exist when committing this command.
- Apply the ARP inspection access list test1 to VLAN 100.