DGS-6604
ip arp inspection validate
CLI Reference Guide
238
ip arp inspection validate
Use the command to specify the additional checks to be performed during ARP
inspection check. Use the
no
form of the command to remove specific additional
check.
ip arp inspection validate {[src-mac] [dst-mac] [ip]}
no ip arp inspection validate [src-mac] [dst-mac] [ip]
Default
Disabled
Command Mode
Global configuration mode
Usage Guideline
Use the command to specify the additional checks to be performed during
dynamic ARP inspection check. The specified check will be performed on
packets arriving at the un-trusted interface and belong to the VLANs that are
enabled for ip arp inspection.
Use the no form of the command with specific option to disabled specific type of
check.
Example
This example shows how to enable source MAC validation:
This example shows how to disable source MAC validation:
Syntax Description
src-mac
(Optional) Specify to check, for both ARP request response packets, the
consistency of the source MAC address in the Ethernet header against the
sender MAC address in the ARP payload.
dst-mac
(Optional) Specify to check, for ARP response packets, the consistency of the
destination MAC address in the Ethernet header against the target MAC address
in the ARP payload.
ip
(Optional) Checks the ARP body for invalid and unexpected IP addresses.
Specify to check the validity of IP address in the ARP payload. Sender IP in both
ARP request and response and target IP in ARP response are validated.
Packets with addresses including 0.0.0.0,
255.255.255.255, and all IP multicast addresses are dropped. Sender IP
addresses are checked in all ARP
requests and responses, and target IP addresses are checked only in ARP
responses.
Switch# configure terminal
Switch(config)# ip arp inspection validate src-mac
Switch(config)#