Configuration Guide 563
Configuring Network Security
ARP Inspection Configurations
In the
Illegal ARP Packet
section, you can view the number of illegal ARP packets on each
port.
Trusted Port
Indicates whether the port is an ARP trusted port or not.
Illegal ARP
Packet
Displays the number of the received illegal ARP packets.
4.2 Using the CLI
4.2.1 Configuring ARP Detection
The ARP Detection feature allows the switch to detect the ARP packets basing on the
binding entries in the IP-MAC Binding Table and filter the illegal ARP packets. Before
configuring ARP Detection, complete IP-MAC Binding configuration. For details, refer to
.
Follow these steps to configure ARP Detection:
Step 1
configure
Enter global configuration mode.
Step 2
ip arp inspection
Globally enable the ARP Detection feature.
Step 3
interface { fastEthernet
port
|
range fastEthernet
port-list
|
gigabitEthernet
port
|
range
gigabitEthernet
port-list
}
Enter interface configuration mode.
Step 4
ip arp inspection trust
Configure the port as a trusted port, on which the ARP Detection function will not take
effect. The specific ports, such as up-linked ports and routing ports are suggested to be set
as trusted ports.
Step 5
show ip arp inspection
Verify the ARP Inspection configuration.
Step 6
end
Return to privileged EXEC mode.
Step 7
copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to globally enable ARP Detection and configure port
1/0/1 as a trusted port.
Switch#configure