CHAPTER 13 | Security Measures
ARP Inspection
– 333 –
Figure 179: Configuring Global Settings for ARP Inspection
CONFIGURING VLAN SETTINGS FOR ARP INSPECTION
Use the Security > ARP Inspection (Configure VLAN) page to enable ARP
inspection for any VLAN and to specify the ARP ACL to use.
CLI REFERENCES
◆ "ARP Inspection" on page 699
COMMAND USAGE
ARP Inspection VLAN Filters (ACLs)
◆ By default, no ARP Inspection ACLs are configured and the feature is
disabled.
◆ ARP Inspection ACLs are configured within the ARP ACL configuration
page (see page 327).
◆ ARP Inspection ACLs can be applied to any configured VLAN.
◆ ARP Inspection uses the DHCP snooping bindings database for the list
of valid IP-to-MAC address bindings. ARP ACLs take precedence over
entries in the DHCP snooping bindings database. The switch first
compares ARP packets to any specified ARP ACLs.
◆ If Static is specified, ARP packets are only validated against the
selected ACL – packets are filtered according to any matching rules,
packets not matching any rules are dropped, and the DHCP snooping
bindings database check is bypassed.
◆ If Static is not specified, ARP packets are first validated against the
selected ACL; if no ACL rules match the packets, then the DHCP
snooping bindings database determines their validity.
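The precedence rules above, modelled as an added example (not taken from this manual or from the switch firmware). The rule format (permit/deny on exact sender IP and MAC, first matching rule wins) is an assumption, and all addresses are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class AclRule:
    action: str              # "permit" or "deny" (assumed rule format)
    ip: Optional[str]        # None matches any sender IP
    mac: Optional[str]       # None matches any sender MAC (lowercase)

    def matches(self, ip: str, mac: str) -> bool:
        return self.ip in (None, ip) and self.mac in (None, mac)

def inspect_arp(sender_ip: str, sender_mac: str, acl: List[AclRule],
                static: bool, bindings: Dict[str, str]) -> Tuple[str, str]:
    """Return (verdict, deciding stage) for one ARP packet."""
    mac = sender_mac.lower()
    # 1. ARP ACLs are always checked first and take precedence.
    for rule in acl:
        if rule.matches(sender_ip, mac):
            verdict = "forward" if rule.action == "permit" else "drop"
            return verdict, "acl"
    # 2. Static: no matching rule means drop; DHCP snooping is bypassed.
    if static:
        return "drop", "static-no-match"
    # 3. Not static: fall back to the DHCP snooping bindings database.
    if bindings.get(sender_ip) == mac:
        return "forward", "dhcp-snooping"
    return "drop", "no-binding"

# Constructed sample data: pin the gateway IP to one MAC, deny all others.
ACL = [
    AclRule("permit", "192.0.2.1", "00:00:5e:00:53:01"),
    AclRule("deny", "192.0.2.1", None),
]
BINDINGS = {"192.0.2.50": "00:00:5e:00:53:32"}  # learned by DHCP snooping

if __name__ == "__main__":
    packets = [
        ("192.0.2.1", "00:00:5E:00:53:01"),   # real gateway
        ("192.0.2.1", "00:00:5e:00:53:99"),   # forged gateway reply
        ("192.0.2.50", "00:00:5e:00:53:32"),  # DHCP client, valid binding
        ("192.0.2.50", "00:00:5e:00:53:99"),  # DHCP client IP, wrong MAC
    ]
    for static in (False, True):
        for ip, mac in packets:
            print(static, ip, mac, inspect_arp(ip, mac, ACL, static, BINDINGS))
```

With Static set, the valid DHCP client is dropped because no ACL rule covers it, so a static ACL must list every host expected to send ARP on that VLAN.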
PARAMETERS
These parameters are displayed:
◆ ARP Inspection VLAN ID – Selects any configured VLAN. (Default: 1)
◆ ARP Inspection VLAN Status – Enables ARP Inspection for the
selected VLAN. (Default: Disabled)