Cisco WS-C6506

1488 pages
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Using VACLs in Your Network
Figure 15-8 Dynamic ARP Inspection Flow Chart
Note: Only the ARP packets that are sent from an untrusted port are inspected. The ARP packets that are received from a trusted port are forwarded without inspection (this process applies to both static and dynamic ARP inspection). By default, the system configures the MSFC port as ARP inspection trusted.
[Figure 15-8 is a flow chart; the image is not reproduced here. Boxes in the figure: ARP packet redirected to NMP; Received on ARP-inspection trusted port?; Match-MAC enabled?; Source and payload MAC match?; Address validation enabled?; Valid address?; ARP inspection ACE on VLAN's ACL?; Check ARP-inspection ACE rules; Match found?; ACE action deny?; DAI enabled on VLAN?; Search DHCP bind entries with payload MAC address and VLAN; Entry found + lease not expired?; Payload and bind entry IP addresses match?; Drop enabled? (two boxes); Packet forwarded; Packet dropped.]
