108
◆ Port – The port to which a static entry is bound.
◆ VLAN ID – The VLAN ID of a configured VLAN (Range: 1-4095).
◆ IP Address – Allowed Source IP address. A valid unicast IP address, including class types
A, B or C.
◆ IP Mask – It can be used for calculating the allowed network with IP address.
◆ MAC Address – Allowed Source MAC address. A valid unicast MAC address.
◆ Add New Entry – To add a new entry to the static IP source guard table. Specify the Port,
VLAN ID, IP address, and IP Mask for the new entry.Allowed Source MAC address..
WEB INTERFACE
To configure static bindings for IP Source Guard:
1. Click Configuration, Security, Network, IP Source Guard, Static Table.
2. Click “Add new entry.”
3. Enter the required bindings for a given port.
4. Click Save.
ARP Inspection
ARP Inspection is a security feature that validates the MAC Address bindings for Address
Resolution Protocol packets. It provides protection against ARP traffic with invalid MAC-to-IP
address bindings, which forms the basis for certain “man-in-the-middle” attacks. This is
accomplished by intercepting all ARP requests and responses and verifying each of these
packets before the local ARP cache is updated or the packet is forwarded to the appropriate
destination. Invalid ARP packets are dropped.
ARP Inspection determines the validity of an ARP packet based on valid IP-to-MAC address
bindings stored in a trusted database – the DHCP snooping binding database (see
"Configuring DHCP Snooping"). This database is built by DHCP snooping if it is enabled
globally on the switch and on the required ports. ARP Inspection can also validate ARP
packets against statically configured addresses.
COMMAND USAGE
Enabling & Disabling ARP Inspection
◆ ARP Inspection is controlled on a global and port basis.
◆ By default, ARP Inspection is disabled both globally and on all ports.
■ If ARP Inspection is globally enabled, then it becomes active only on the ports where it
To Next Page
Loading...
