C
HAPTER
13
| Security Measures
ARP Inspection
– 333 –
Figure 179: Configuring Global Settings for ARP Inspection
CONFIGURING VLAN
S
ETTINGS FOR ARP
INSPECTION
Use the Security > ARP Inspection (Configure VLAN) page to enable ARP
inspection for any VLAN and to specify the ARP ACL to use.
CLI REFERENCES
â—† "ARP Inspection" on page 699
COMMAND USAGE
ARP Inspection VLAN Filters (ACLs)
â—† By default, no ARP Inspection ACLs are configured and the feature is
disabled.
â—† ARP Inspection ACLs are configured within the ARP ACL configuration
page (see page 327).
â—† ARP Inspection ACLs can be applied to any configured VLAN.
â—† ARP Inspection uses the DHCP snooping bindings database for the list
of valid IP-to-MAC address bindings. ARP ACLs take precedence over
entries in the DHCP snooping bindings database. The switch first
compares ARP packets to any specified ARP ACLs.
â—† If Static is specified, ARP packets are only validated against the
selected ACL – packets are filtered according to any matching rules,
packets not matching any rules are dropped, and the DHCP snooping
bindings database check is bypassed.
â—† If Static is not specified, ARP packets are first validated against the
selected ACL; if no ACL rules match the packets, then the DHCP
snooping bindings database determines their validity.
PARAMETERS
These parameters are displayed:
◆ ARP Inspection VLAN ID – Selects any configured VLAN. (Default: 1)
◆ ARP Inspection VLAN Status – Enables ARP Inspection for the
selected VLAN. (Default: Disabled)
To Next Page
Loading...
Need help?
General