Cisco SGE2000 - Cisco - Gigabit Switch Administration Guide

Cisco SGE2000 - Cisco - Gigabit Switch
410 pages
Cisco Small Business SFE/SGE Managed Switches Administration Guide, page 141
Chapter 4: Configuring Device Security
- Resource Problem — Indicates that the TCAM is full.
STEP 4 Click Apply. The device is updated.
Defining Dynamic ARP Inspection
Dynamic Address Resolution Protocol (ARP) is a TCP/IP protocol for translating IP addresses into MAC addresses. Classic ARP does the following:
- Permits two hosts on the same network to communicate and send packets.
- Permits two hosts on different networks to communicate via a gateway.
- Permits routers to send packets via a host to a different router on the same network.
- Permits routers to send packets to a destination host via a local host.
ARP Inspection intercepts, discards, and logs ARP packets that contain invalid IP-to-MAC address bindings. This eliminates man-in-the-middle attacks, where false ARP packets are inserted into the subnet. Packets are classified as:
- Trusted — Indicates that the interface IP and MAC address are recognized, and recorded in the ARP Inspection List. Trusted packets are forwarded without ARP Inspection.
- Untrusted — Indicates that the packet arrived from an interface that does not have a recognized IP and MAC address. The packet is checked for:
  - Source MAC — Compares the packet’s source MAC address in the Ethernet header against the sender’s MAC address in the ARP request. This check is performed on both ARP requests and responses.
  - Destination MAC — Compares the packet’s destination MAC address in the Ethernet header against the destination interface’s MAC address. This check is performed for ARP responses.
  - IP Addresses — Checks the ARP body for invalid and unexpected IP addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses.
If the packet’s IP address was not found in the ARP Inspection List, and DHCP snooping is enabled for a VLAN, a search of the DHCP Snooping Database is performed. If the IP address is found, the packet is valid and is forwarded.
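
The checks above applied to a raw Ethernet/ARP frame, as an added Python example that is not taken from the Cisco guide or the switch firmware. The function names, sample addresses and table format are assumptions, as are three interpretations: the destination MAC is compared with the ARP target MAC, the target IP is checked only in responses, and a table hit requires the bound MAC to equal the sender MAC.

```python
import ipaddress
import struct

ARP_IPV4_ETHERNET = b"\x08\x06\x00\x01\x08\x00\x06\x04"  # EtherType, htype, ptype, hlen, plen

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_arp(eth_src, eth_dst, op, sha, spa, tha, tpa):
    """Build a constructed Ethernet II + ARP frame to feed the checks."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return (mac(eth_dst) + mac(eth_src) + ARP_IPV4_ETHERNET + struct.pack("!H", op)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

def bad_ip(raw):
    # The addresses the guide names: 0.0.0.0, 255.255.255.255, all IP multicast.
    addr = ipaddress.IPv4Address(raw)
    return int(addr) in (0, 0xFFFFFFFF) or addr.is_multicast

def inspect_arp(frame, trusted, inspection_list, snooping_db=None):
    """Return (verdict, reason). snooping_db=None: DHCP snooping off for the VLAN."""
    if trusted:
        return "forward", "trusted interface"
    if len(frame) < 42 or frame[12:20] != ARP_IPV4_ETHERNET:
        return "drop", "not an IPv4 ARP frame"
    eth_dst, eth_src = frame[0:6], frame[6:12]
    op, sha, spa, tha, tpa = struct.unpack("!H6s4s6s4s", frame[20:42])
    if eth_src != sha:                      # requests and responses
        return "drop", "source MAC mismatch"
    if op == 2 and eth_dst != tha:          # responses only; assumption: compared
        return "drop", "destination MAC mismatch"  # against the ARP target MAC
    if bad_ip(spa) or (op == 2 and bad_ip(tpa)):   # assumption: which fields are checked
        return "drop", "invalid IP address"
    ip = str(ipaddress.IPv4Address(spa))
    tables = (("ARP Inspection List", inspection_list),
              ("DHCP Snooping Database", snooping_db))
    for name, table in tables:
        if table and ip in table:
            # Assumption: a hit also requires the bound MAC to equal the sender MAC.
            ok = mac(table[ip]) == sha
            return ("forward" if ok else "drop"), f"{name} " + ("match" if ok else "mismatch")
    return "drop", "no binding found"

# Constructed sample data (documentation addresses, locally administered MACs).
HOST, PEER, OTHER = "02:00:00:00:00:10", "02:00:00:00:00:20", "02:00:00:00:00:66"
BINDINGS = {"192.0.2.10": HOST}
good = build_arp(HOST, PEER, 2, HOST, "192.0.2.10", PEER, "192.0.2.20")
forged = build_arp(OTHER, PEER, 2, OTHER, "192.0.2.10", PEER, "192.0.2.20")
if __name__ == "__main__":
    print(inspect_arp(good, False, BINDINGS), inspect_arp(forged, False, BINDINGS))
```

The second frame passes the header checks and is dropped only at the binding lookup, which is why the ARP Inspection List or the DHCP Snooping Database must be populated for untrusted interfaces.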

Cisco SGE2000 - Cisco - Gigabit Switch Specifications

General
Form Factor: Rack-mountable
Switching Capacity: 48 Gbps
Forwarding Rate: 35.7 Mpps
Layer: Layer 2
Power Supply: Internal
Management: Web-based, SNMP, CLI
MAC Address Table Size: 8000 entries
VLANs: 256
Features: Quality of Service (QoS), IGMP snooping, Port mirroring
Dimensions (W x D x H): 440 x 257 x 44 mm (17.3 x 10.1 x 1.73 in)
Operating Temperature: 0°C to 40°C (32°F to 104°F)
Storage Temperature: -20 to 70°C (-4 to 158°F)
Relative Humidity: 10% to 90% non-condensing
Standards Compliance: IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.3x
