Security Suite
ARP VLANs
SPS208G/SPS224G4/SPS2024 Service Provider Switches User Guide 148
8
ARP VLANs
The
ARP VLANs Screen
contains fields for enabling ARP Inspection on VLANs. In
the Enabled VLAN table, users assign static ARP Inspection Lists to enabled
VLANs. When a packet passes through an untrusted interface which is enabled for
ARP Inspection, the device performs the following checks in order:
• Determines if the packet’s IP address and MAC address exist in the static
ARP Inspection list. If the addresses match, the packet passes through the
interface.
• If the device does not find a matching IP address, but DHCP Snooping is
enabled on the VLAN, the device checks the DHCP Snooping database for
the IP address-VLAN match. If the entry exists in the DHCP Snooping
database, the packet passes through the interface.
• If the packet’s IP address is not listed in the ARP Inspection List or the DHCP
Snooping database, the device rejects the packet.
To Next Page
Loading...
