Orion A10E - Configuring Trusted Interfaces of Dynamic ARP Inspection; Default Configurations of Dynamic ARP Inspection; Preparing for Configurations

To Next Page

To Previous Page

Orion Networks

A10E/A28E/A28F Configuration Guide

6 Security

Orion Networks

161

6.3.2 Preparing for configurations

Scenario

Dynamic ARP inspection is used to prevent the common ARP spoofing attacks in the network,

which isolates the ARP packets with unsafe sources. Trust status of an interface depends on

whether trust ARP packets. However, the binding table decides whether the ARP packets meet

requirement.

Prerequisite

Enable DHCP Snooping if there is a DHCP user.

6.3.3 Default configurations of dynamic ARP inspection

The default configuration of dynamic ARP inspection is as below.

Function

Default value

Dynamic ARP inspection interface trust status

Untrusted

Dynamic ARP inspection static binding

Disable

Binding status of dynamic ARP inspection and dynamic DHCP

Snooping

Disable

Binding status of dynamic ARP inspection and dynamic DHCP Relay

Disable

Dynamic ARP inspection static binding table

N/A

Dynamic ARP inspection protection VLAN

All VLANs

Interface ARP packets rate limiting

Disable

Interface ARP packets rate limiting

100pps

ARP packets rate limiting recovery

Disable

ARP packets rate limiting recovery time

30s

6.3.4 Configuring trusted interfaces of dynamic ARP inspection

Configure trusted interfaces of dynamic ARP inspection for the A10E/A28E as below.

Step

Configuration

Description

Alpha-A28E#config

Enter global configuration mode.

Alpha-A28E(config)#interface

port

port-id

Enter physical layer interface

configuration mode.

Alpha-A28E(config-port)#ip

arp-inspection trust

Set the interface to a trusted interface.

Main Page

Orion A10E - Configuring Trusted Interfaces of Dynamic ARP Inspection; Default Configurations of Dynamic ARP Inspection; Preparing for Configurations

Table of Contents