UMN:CLI User Manual
V5808
226
By the following command, the ARP access list also refers to a DHCP snooping binding
table to permit the ARP packets for DHCP users. This reference enables the system to
permit ARP packets only for the IP addresses on the DHCP snooping binding table. The
ARP access list with the DHCP snooping allows IP communications to users authorized
by the DHCP snooping.
To permit/discard ARP packets for the users authorized by the DHCP snooping, use the
following command.
permit dhcp-snoop-inspection
Permits ARP packets of users authorized by the DHCP
snooping.
no permit dhcp-snoop-
inspection
Discards a configured ARP packets of users authorized
by the DHCP snooping.
To display the configured APR access lists, use the following command.
show arp access-list [NAME]
Displays existing ARP access list names.
7.15.4.2 Enabling ARP Inspection Filtering
To enable/disable the ARP inspection filtering of a certain range of IP addresses from the
ARP access list, use the following command.
ip arp inspection filter NAME
vlan VLANS
Enables ARP inspection filtering with a configured ARP
access list on specified VLAN.
NAME: ARP access list name
no ip arp inspection filter NAME
vlan VLANS
Disables ARP inspection filtering with a configured ARP
access list on specified VLAN.
ARP inspection actually runs in the system after the configured ARP access list applies to
specific VLAN using the ip arp inspection filter command.
7.15.4.3 ARP Address Validation
The V5808 also provides the ARP validation feature. Regardless of a static ARP table, the
ARP validation will discard ARP packets in the following cases:
• In case a sender MAC address of ARP packet does not match a source MAC
address of Ethernet header.
• In case a target MAC address of ARP reply packet does not match a destination
MAC address of Ethernet header.
• In case of a sender IP address of ARP packet or target IP address is 0.0.0.0 or
To Next Page
Loading...