MES53xx, MES33xx, MES23xx Ethernet Switch Series 164
show ip source-guard inactive
Command shows inactive sender IP addresses.
Examples of command usage
Show IP address protection configuration for all interfaces.
console# show ip source-guard configuration
IP source guard is globally enabled.
Interface State
--------- ------
te0/4 Enabled
te0/21 Enabled
te0/22 Enabled
Enable IP address protection for traffic filtering based on the DHCP snooping mapping table and IP
Source Guard static mappings. Create a static entry in the mapping table for Ethernet interface 12:
client IP address 192.168.16.14, MAC address 00:60:70:4A:AB:AF. The interface is in the 3rd VLAN
group:
console# configure
console(config)# ip dhcp snooping
console(config)# ip source-guard
console(config)# ip source-guard binding 0060.704A.ABAF 3 192.168.16.14 tengigabitethernet 1/0/12
11.1.5 ARP Inspection
The ARP Inspection feature protects against attacks carried out via ARP (e.g., ARP spoofing). ARP
inspection is based on static mappings between specific IP and MAC addresses for a VLAN group.
If a port is configured as untrusted for the ARP Inspection feature, it must also be untrusted
for DHCP snooping, and the mapping between MAC and IP addresses for this port should be
static. Otherwise, the port will not respond to ARP requests.
Untrusted ports are checked for correspondence between IP and MAC addresses.
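The check on untrusted ports can be modelled in a few lines of Python. This is an added example, not Eltex firmware code or part of this manual; it reuses the static binding from the IP Source Guard example above. Assumptions: the sender MAC/IP fields of the ARP payload are what is compared, the binding is matched per port, and the class, function names and the trusted uplink te1/0/1 are hypothetical.

```python
import ipaddress
import struct

def norm_mac(text):
    """Normalize 0060.704A.ABAF or 00:60:70:4A:AB:AF to 12 lowercase hex digits."""
    digits = "".join(c for c in text if c not in ".:-").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {text!r}")
    return digits

def parse_arp(payload):
    """Return (sender_mac, sender_ip) from an IPv4-over-Ethernet ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return payload[8:14].hex(), str(ipaddress.IPv4Address(payload[14:18]))

def build_arp(sender_mac, sender_ip, target_ip, oper=1):
    """Construct a sample ARP payload (constructed test input only)."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + bytes.fromhex(norm_mac(sender_mac)) + ipaddress.IPv4Address(sender_ip).packed
            + bytes(6) + ipaddress.IPv4Address(target_ip).packed)

class ArpInspector:
    """Model of the per-VLAN IP/MAC correspondence check (assumed semantics)."""
    def __init__(self, trusted_ports=()):
        self.trusted = set(trusted_ports)
        self.bindings = {}                      # (vlan, ip) -> (mac, port)

    def add_binding(self, mac, vlan, ip, port):
        self.bindings[(vlan, ip)] = (norm_mac(mac), port)

    def inspect(self, port, vlan, payload):
        """Return 'forward' or 'drop' for one ARP packet received on port."""
        if port in self.trusted:                # only untrusted ports are checked
            return "forward"
        try:
            mac, ip = parse_arp(payload)
        except ValueError:
            return "drop"                       # malformed ARP never matches a binding
        return "forward" if self.bindings.get((vlan, ip)) == (mac, port) else "drop"

if __name__ == "__main__":
    sw = ArpInspector(trusted_ports={"te1/0/1"})
    sw.add_binding("0060.704A.ABAF", 3, "192.168.16.14", "te1/0/12")
    for mac in ("00:60:70:4A:AB:AF", "00:11:22:33:44:55"):   # second MAC is constructed
        print(mac, sw.inspect("te1/0/12", 3, build_arp(mac, "192.168.16.14", "192.168.16.1")))
```

The model also shows why an untrusted port without a binding stops answering ARP: every packet it sends fails the lookup and is dropped.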
Global configuration mode commands
Command line prompt in the global configuration mode is as follows:
console(config)#
Table 5.185. Global configuration mode commands
The function is disabled by default.

ip arp inspection vlan vlan_id
    vlan_id: (1..4094). The function is disabled by default.
    Enable ARP Inspection based on DHCP snooping mapping database in the selected VLAN group.

no ip arp inspection vlan vlan_id
    Disable ARP Inspection based on DHCP snooping mapping database in the selected VLAN group.

ip arp inspection validate
    Enable specific checks for ARP inspection.