2-143
Catalyst 3550 Multilayer Switch Command Reference
OL-8566-02
Chapter 2 Catalyst 3550 Switch Cisco IOS Commands
ip arp inspection validate
ip arp inspection validate
Use the ip arp inspection validate global configuration command to perform specific checks for
dynamic Address Resolution Protocol (ARP) inspection. Use the no form of this command to return to
the default settings.
ip arp inspection validate {[src-mac] [dst-mac] [ip]}
no ip arp inspection validate [src-mac] [dst-mac] [ip]
Syntax Description
Defaults No checks are performed.
Command Modes Global configuration
Command History
Usage Guidelines You must specify at least one of the keywords. Each command overrides the configuration of the
previous command; that is, if a command enables src-mac and dst-mac validations, and a second
command enables IP validation only, the src-mac and dst-mac validations are disabled as a result of the
second command.
If you first specify the src-mac keyword, you also can specify the dst-mac and ip keywords. If you first
specify the ip keyword, no other keywords can be specified.
The no form of the command disables only the specified checks. If none of the options are enabled, all
checks are disabled.
src-mac Compare the source MAC address in the Ethernet header against the sender MAC
address in the ARP body. This check is performed on both ARP requests and
responses.
When enabled, packets with different MAC addresses are classified as invalid and are
dropped.
dst-mac Compare the destination MAC address in the Ethernet header against the target MAC
address in ARP body. This check is performed for ARP responses.
When enabled, packets with different MAC addresses are classified as invalid and are
dropped.
ip Compare the ARP body for invalid and unexpected IP addresses. Addresses include
0.0.0.0, 255.255.255.255, and all IP multicast addresses.
Sender IP addresses are compared in all ARP requests and responses. Target IP
addresses are compared only in ARP responses.
Release Modification
12.2(25)SEA This command was introduced.
To Next Page
Loading...
Need help?
General
