Name: Cisco Catalyst 2960-XR
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

PurposeCommand or Action

Verify your settings.show ip arp inspection interfaces

show errdisable recovery

Step 7

(Optional) Save your entries in the configuration file.copy running-config startup-config

Step 8

How to Perform Validation Checks

Dynamic ARP inspection intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings.

You can configure the switch to perform additional checks on the destination MAC address, the sender and

target IP addresses, and the source MAC address. Beginning in privileged EXEC mode, follow these steps to

perform specific checks on incoming ARP packets.

This procedure is optional.

To disable checking, use theno ip arp inspection validate [src-mac] [dst-mac] [ip] global configuration

command. To display statistics for forwarded, dropped, and MAC and IP validation failure packets, use the

show ip arp inspection statistics privileged EXEC command.

SUMMARY STEPS

configure terminal

ip arp inspection validate {[src-mac] [dst-mac] [ip]}

exit

show ip arp inspection vlan vlan-range

copy running-config startup-config

DETAILED STEPS

PurposeCommand or Action

Enter global configuration mode.configure terminal

Step 1

Perform a specific check on incoming ARP packets. By default, no checks are performed.ip arp inspection validate

{[src-mac] [dst-mac] [ip]}

Step 2

The keywords have these meanings:

•

For src-mac, check the source MAC address in the Ethernet header against the

sender MAC address in the ARP body. This check is performed on both ARP

requests and responses. When enabled, packets with different MAC addresses are

classified as invalid and are dropped.

•

For dst-mac, check the destination MAC address in the Ethernet header against

the target MAC address in ARP body. This check is performed for ARP responses.

When enabled, packets with different MAC addresses are classified as invalid and

are dropped.

Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1

OL-29434-01 209

Configuring Dynamic ARP Inspection

How to Perform Validation Checks

Other manuals for Cisco Catalyst 2960-XR

Reference52 pages

Configuration Guide196 pages

Configuration Guides120 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 2960-XR and is the answer not in the manual?

Cisco Catalyst 2960-XR Specifications

General

Stacking Bandwidth	80 Gbps
Layer Support	Layer 2 and Layer 3
Jumbo Frame Support	9198 bytes
RAM	512 MB
Input Voltage	100-240V AC
Model	Catalyst 2960-XR
Uplink Interfaces	4 x 1G SFP or 2 x 10G SFP+
Downlink Interfaces	24 or 48 x Gigabit Ethernet ports
Power Supply	Internal
MAC Address Table Size	16, 000 entries
PoE	Available on PoE models
Weight	4.5 kg
Features	energy efficiency
Stacking	Up to 8 switches
Operating Temperature	0 to 45°C