Ip Arp Inspection Validate - Cisco Nexus 7000 Series Command Reference Manual
Hide thumbs
Also See for Nexus 7000 Series:
- Reference manual (746 pages) ,
- Configuration manual (536 pages) ,
- Hardware installation and reference manual (508 pages)
Table of Contents
Advertisement
I Commands
ip arp inspection validate
To enable additional Dynamic ARP Inspection (DAI) validation, use the ip arp inspection validate command.
To disable additional DAI, use the no form of this command.
ip arp inspection validate {dst-mac [ip] [src-mac]}
ip arp inspection validate {[dst-mac] ip [src-mac]}
ip arp inspection validate {[dst-mac] [ip] src-mac}
no ip arp inspection validate {dst-mac [ip] [src-mac]}
no ip arp inspection validate {[dst-mac] ip [src-mac]}
no ip arp inspection validate {[dst-mac] [ip] src-mac}
Syntax Description
dst-mac
ip
src-mac
Command Default
None
Command Modes
Global configuration
Command History
Release
4.0(1)
(Optional) Enables validation of the destination MAC
address in the Ethernet header against the target MAC
address in the ARP body for ARP responses. The
device classifies packets with different MAC
addresses as invalid and drops them.
(Optional) Enables validation of the ARP body for
invalid and unexpected IP addresses. Addresses
include 0.0.0.0, 255.255.255.255, and all IP multicast
addresses. The device checks the sender IP addresses
in all ARP requests and responses, and checks the
target IP addresses only in ARP responses.
(Optional) Enables validation of the source MAC
address in the Ethernet header against the sender
MAC address in the ARP body for ARP requests and
responses. The devices classifies packets with
different MAC addresses as invalid and drops them.
Modification
This command was introduced.
Cisco Nexus 7000 Series Security Command Reference
ip arp inspection validate
385
Advertisement
Table of Contents
