User Manual UMN:CLI
V5808
227
255.255.255.255 or one of multicast IP addresses.
To enable/disable the ARP validation, use the following command.
ip arp inspection validate {src-
mac | dst-mac | ip}
Enables the ARP validation with the following options.
src-mac: source MAC address.
dst-mac: destination MAC address.
ip: source/destination IP address.
no ip arp inspection validate
{src-mac | dst-mac | ip}
Disables the ARP validation.
The src-mac, dst-mac, and ip options can be configured together.
7.15.4.4 ARP Inspection on Trust Port
The ARP inspection defines 2 trust states, trusted and untrusted. Incoming packets via
trusted ports bypass the ARP inspection process, while those via untrusted ports go
through the ARP inspection process. Normally, the ports connected to subscribers are
configured as untrusted, while the ports connected to an upper network are configured as
trusted.
To set a trust state on a port for the ARP inspection, use the following command.
ip arp inspection trust port
PORTS
Sets a trust state on a port as trusted
PORTS: port number
no ip arp inspection trust port
PORTS
Sets a trust state on a port as untrusted
PORTS: port number
To display a configured trust port of the ARP inspection, use the following command.
show ip arp inspection trust
[port PORTS]
Shows a configured trust port of the ARP inspection.
7.15.4.5 ARP Inspection Log-buffer
Log-buffer function shows the list of subscribers who have been used invalid fixed IP
addresses. This function saves the information of users who are discarded by ARP
inspection and generates periodic syslog messages.
Log-buffer function is automatically enabled with ARP inspection. If V5808 receives
invalid or denied ARP packets by ARP inspection, it creates the table of entries that
include the information of port number, VLAN ID, source IP address, source MAC
address and time. In addition, you can specify the maximum number of entries.
To Next Page
Loading...