Chapter 12
| Security Measures
ARP Inspection
– 315 –
Configuring VLAN
Settings for ARP
Inspection
Use the Security > ARP Inspection (Configure VLAN) page to enable ARP inspection
for any VLAN and to specify the ARP ACL to use.
Command Usage
ARP Inspection VLAN Filters (ACLs)
â—† By default, no ARP Inspection ACLs are configured and the feature is disabled.
â—† ARP Inspection ACLs are configured within the ARP ACL configuration page
(see page 306).
â—† ARP Inspection ACLs can be applied to any configured VLAN.
â—† ARP Inspection uses the DHCP snooping bindings database for the list of valid
IP-to-MAC address bindings. ARP ACLs take precedence over entries in the
DHCP snooping bindings database. The switch first compares ARP packets to
any specified ARP ACLs.
◆ If Static is specified, ARP packets are only validated against the selected ACL –
packets are filtered according to any matching rules, packets not matching any
rules are dropped, and the DHCP snooping bindings database check is
bypassed.
â—† If Static is not specified, ARP packets are first validated against the selected ACL;
if no ACL rules match the packets, then the DHCP snooping bindings database
determines their validity.
Parameters
These parameters are displayed:
◆ ARP Inspection VLAN ID – Selects any configured VLAN. (Default: 1)
◆ ARP Inspection VLAN Status – Enables ARP Inspection for the selected VLAN.
(Default: Disabled)
â—† ARP Inspection ACL Name
â–
ARP ACL – Allows selection of any configured ARP ACLs. (Default: None)
â–
Static – When an ARP ACL is selected, and static mode also selected, the
switch only performs ARP Inspection and bypasses validation against the
DHCP Snooping Bindings database. When an ARP ACL is selected, but static
mode is not selected, the switch first performs ARP Inspection and then
validation against the DHCP Snooping Bindings database.
(Default: Disabled)
To Next Page
Loading...
Need help?
General
