show ip arp-throttle

This command shows the current ARP throttle configuration, excluded MAC list, and client statistics.

Syntax


show ip arp-throttle

Example

This output indicates ARP throttle is enabled, filtering ARP packets according to the default packet threshold and aging-time settings. ARP packets from a device identified as 000f20-aeaec0 are excluded from ARP throttling, and statistics indicate 4 blacklisted clients and the ARP packet traffic of 180 clients being tracked.

switch# show ip arp-throttle

Source MAC Based ARP Attack Detection Information

  Enabled               : Yes
  Remediation Mode      : Filter
  Threshold (pkt)       : 30
  Blacklist Age (sec)   : 300

  Excluded MAC List
  -----------------
  000f20-aeaec0

  Clients in Blacklist  : 4
  Clients Being Tracked : 180

NOTE:

The “Clients in Blacklist” and “Clients being Tracked” counters shown above operate only when ARP throttle is enabled. Rebooting the switch restarts the counters from zero. Executing any of the following commands causes the switch to reset these counters to zero:

ip arp-throttle enable
(Starts the counters from zero.)
no ip arp-throttle enable
(Resets the counters to zero.)
ip arp-throttle remediation-mode <monitor | filter>
(Restarts the counters from zero if the ip arp-throttle remediation-mode setting is changed.)

NOTE:

If a failover occurs on a 5400R switch, the switch maintains the blacklist status of any currently blacklisted clients. However, the current list of tracked clients is cleared and restarted.