Chapter 8
| General Security Measures
ARP Inspection
– 257 –
Example
Console(config)#ip arp inspection
Console(config)#
ip arp inspection filter
This command specifies an ARP ACL to apply to one or more VLANs. Use the
no
form to remove an ACL binding.
Syntax
ip arp inspection filter
arp-acl-name
vlan
{
vlan-id
|
vlan-range
} [
static
]
no ip arp inspection filter
arp-acl-name
vlan
{
vlan-id
|
vlan-range
}
arp-acl-name
- Name of an ARP ACL. (Maximum length: 16 characters)
vlan-id
- VLAN ID. (Range: 1-4093)
vlan-range
- A consecutive range of VLANs indicated by the use a hyphen,
or a random group of VLANs with each entry separated by a comma.
static
- ARP packets are only validated against the specified ACL, address
bindings in the DHCP snooping database is not checked.
Default Setting
ARP ACLs are not bound to any VLAN
Static mode is not enabled
Command Mode
Global Configuration
Command Usage
◆
ARP ACL configuration commands are described under
“ARP ACLs” on
page 288
.
◆
If static mode is enabled, the switch compares ARP packets to the specified ARP
ACLs. Packets matching an IP-to-MAC address binding in a permit or deny rule
are processed accordingly. Packets not matching any of the ACL rules are
dropped. Address bindings in the DHCP snooping database are not checked.
◆
If static mode is not enabled, packets are first validated against the specified
ARP ACL. Packets matching a deny rule are dropped. All remaining packets are
validated against the address bindings in the DHCP snooping database.
Example
Console(config)#ip arp inspection filter sales vlan 1
Console(config)#
Summary of Contents for EX-3524
Page 2: ......
Page 28: ...Figures 28 ...
Page 34: ...Section I Getting Started 34 ...
Page 58: ...Chapter 1 Initial Switch Configuration Setting the System Clock 58 ...
Page 72: ...Chapter 2 Using the Command Line Interface CLI Command Groups 72 ...
Page 156: ...Chapter 5 SNMP Commands Notification Log Commands 156 ...
Page 164: ...Chapter 6 Remote Monitoring Commands 164 ...
Page 218: ...Chapter 7 Authentication Commands Management IP Filter 218 ...
Page 268: ...Chapter 8 General Security Measures Port based Traffic Segmentation 268 ...
Page 292: ...Chapter 9 Access Control Lists ACL Information 292 ...
Page 312: ...Chapter 10 Interface Commands Power Savings 312 ...
Page 324: ...Chapter 11 Link Aggregation Commands Trunk Status Display Commands 324 ...
Page 366: ...Chapter 15 Address Table Commands 366 ...
Page 428: ...Chapter 17 VLAN Commands Configuring Voice VLANs 428 ...
Page 572: ...Chapter 25 IP Interface Commands IPv6 Interface 572 ...
Page 578: ...Section I Appendices 578 ...