UMN:CLI User Manual
V8102
274
by the DHCP snooping.
To permit/discard ARP packets for the users authorized by the DHCP snooping, use the
following command.
permit dhcp-snoop-inspection
Permits ARP packets of users authorized by the DHCP
snooping.
no permit dhcp-snoop-
inspection
Discards a configured ARP packets of users authorized
by the DHCP snooping.
To display the configured APR access lists, use the following command.
show arp access-list [NAME]
Displays existing ARP access list names.
8.1.4.2 Enabling ARP Inspection Filtering
To enable/disable the ARP inspection filtering of a certain range of IP addresses from the
ARP access list, use the following command.
ip arp inspection filter NAME
vlan VLANS
Enables ARP inspection filtering with a configured ARP
access list on specified VLAN.
NAME: ARP access list name
no ip arp inspection filter NAME
vlan VLANS
Disables ARP inspection filtering with a configured ARP
access list on specified VLAN.
ARP inspection actually runs in the system after the configured ARP access list applies to
specific VLAN using the ip arp inspection filter command.
8.1.4.3 ARP Address Validation
The V8102 also provides the ARP validation feature. Regardless of a static ARP table, the
ARP validation will discard ARP packets in the following cases:
• In case a sender MAC address of ARP packet does not match a source MAC address
of Ethernet header
• In case a target MAC address of ARP reply packet does not match a destination MAC
address of Ethernet header
• In case of a sender IP address of ARP packet or target IP address is 0.0.0.0,
255.255.255.255 or one of multicast IP addresses
To enable/disable the ARP validation, use the following command.
ip arp inspection validate {src-
Enables the ARP validation with the following options.
To Next Page
Loading...