Chapter 12
| Security Measures
ARP Inspection
– 316 –
Web Interface
To configure VLAN settings for ARP Inspection:
1. Click Security, ARP Inspection.
2. Select Configure VLAN from the Step list.
3. Enable ARP inspection for the required VLANs, select an ARP ACL filter to check
for configured addresses, and select the Static option to bypass checking the
DHCP snooping bindings database if required.
4. Click Apply.
Figure 204: Configuring VLAN Settings for ARP Inspection
Configuring Interface
Settings for ARP
Inspection
Use the Security > ARP Inspection (Configure Interface) page to specify the ports
that require ARP inspection, and to adjust the packet inspection rate.
Parameters
These parameters are displayed:
◆ Interface – Port or trunk identifier.
◆ Trust Status – Configures the port as trusted or untrusted. (Default: Untrusted)
By default, all untrusted ports are subject to ARP packet rate limiting, and all
trusted ports are exempt from ARP packet rate limiting.
Packets arriving on trusted interfaces bypass all ARP Inspection and ARP
Inspection Validation checks and will always be forwarded, while those arriving
on untrusted interfaces are subject to all configured ARP inspection tests.
◆ Packet Rate Limit – Sets the maximum number of ARP packets that can be
processed by the CPU per second on trusted or untrusted ports.
(Range: 0-2048; Default: 15)
Setting the rate limit to “0” means that there is no restriction on the number of
ARP packets that can be processed by the CPU.
The switch will drop all ARP packets received on a port which exceeds the
configured ARP-packets-per-second rate limit.
To Next Page
Loading...
Need help?
General
