SUMMARY STEPS
1.
enable
2.
configure terminal
3.
ip arp inspection validate {[src-mac] [dst-mac] [ip]}
4.
exit
5.
show ip arp inspection vlan vlan-range
6.
show running-config
7.
copy running-config startup-config
DETAILED STEPS
PurposeCommand or Action
Enables privileged EXEC mode. Enter your password if prompted.enable
Step 1
Example:
Switch> enable
Enters the global configuration mode.configure terminal
Example:
Switch# configure terminal
Step 2
Performs a specific check on incoming ARP packets. By default, no checks are
performed.
ip arp inspection validate
{[src-mac] [dst-mac] [ip]}
Step 3
The keywords have these meanings:
•
For src-mac, check the source MAC address in the Ethernet header against
the sender MAC address in the ARP body. This check is performed on
both ARP requests and responses. When enabled, packets with different
MAC addresses are classified as invalid and are dropped.
•
For dst-mac, check the destination MAC address in the Ethernet header
against the target MAC address in ARP body. This check is performed for
ARP responses. When enabled, packets with different MAC addresses are
classified as invalid and are dropped.
•
For ip, check the ARP body for invalid and unexpected IP addresses.
Addresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses.
Sender IP addresses are checked in all ARP requests and responses, and
target IP addresses are checked only in ARP responses.
You must specify at least one of the keywords. Each command overrides the
configuration of the previous command; that is, if a command enables src and
dst mac validations, and a second command enables IP validation only, the src
and dst mac validations are disabled as a result of the second command.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1314
Performing Dynamic ARP Inspection Validation Checks
To Next Page
Loading...
Need help?
General
