UMN:CLI User ManualV5812G1887.14.3.1 ARP Access ListYou can exclude a given range of IP addresses from the ARP inspection using ARPaccess lists. ARP access lists are created by the arp access-list command on the GlobalConfiguration mode. ARP access list permits or denies the ARP packets of a given rangeof IP addresses.To create/delete ARP access list (ACL), use the following command.Command Mode Descriptionarp access-list NAMEGlobalOpens ARP ACL configuration mode and creates anARP access list.NAME: ARP access list nameno arp access-list NAME Deletes an ARP access list.arp access-list delete all Deletes all ARP access lists.After opening ARP Access List Configuration mode, the prompt changes fromSWITCH(config)# to SWITCH(config-arp-acl[NAME])#. After opening ARP ACLConfiguration mode, a range of IP addresses can be configured to apply ARP inspection.By default, ARP Access List discards the ARP packets of all IP addresses and MACaddresses.To configure the range of IP address to deny ARP packets, use the following command.Command Mode Descriptiondeny ip any mac {any | hostMACADDR}ARP-ACLDiscards all ARP packets of all IP addresses with allMAC addresses which have not learned before on ARPinspection table or a specific MAC addressany: ignores sender IP/MAC addresshost: sender hostMACADDR: sender MAC addressdeny ip host A.B.C.D mac {any |host MACADDR}Discards ARP packets from a specific host.MACADDR: MAC addressdeny ip range A.B.C.D A.B.C.Dmac anyDiscards ARP packets of a given range of IPaddresses.A.B.C.D: start/end IP address of senderdeny ip A.B.C.D/A mac {any |host MACADDR}Discards ARP packets of a sender IP networkaddresses.A.B.C.D/A: sender IP network addressi