Dynamic ARP Inspection; IP Source Guard - Avaya ERS 5510 Technical Configuration Manual

Ethernet Routing Switch: Filters and QoS Configuration for Ethernet Routing Switch
8.2 Dynamic ARP Inspection

Dynamic ARP Inspection verifies ARP packets to prevent man-in-the-middle (MITM) attacks. Without dynamic ARP inspection, a malicious user on a local subnet can poison the ARP cache of hosts connected to that subnet and thereby intercept traffic intended for other hosts on the subnet. This normally takes place on a VLAN with multiple hosts connected. Dynamic ARP inspection is used together with DHCP snooping: it uses the DHCP snooping binding table to validate the host MAC address to IP address binding on untrusted ports. ARP packets received on untrusted ports are forwarded only if their source MAC and IP addresses match an entry in the binding table. DHCP snooping must be enabled before dynamic ARP inspection is enabled.
8.2.1 Dynamic ARP Inspection Configuration

Assuming DHCP snooping is already enabled for VLANs 100 and 200 and port 1/19 is the uplink port, enter the following commands:

5500(config)# ip arp-inspection vlan 100
5500(config)# ip arp-inspection vlan 200
5500(config)# interface fastEthernet 1/24
5500(config-if)# ip arp-inspection trusted
5500(config-if)# exit

8.3 IP Source Guard

IP source guard works together with the DHCP snooping binding table to provide protection against invalid source IP addresses. If enabled, the source IP address of packets received on untrusted ports is checked against the source IP address in the binding table. If the incoming source IP address does not match the IP address in the binding table, the packet is dropped. Please note that manual (static) assignment of IP addresses is not allowed, as DHCP snooping does not support static binding entries.

8.3.1 IP Source Guard Configuration

Assuming DHCP snooping is already configured with untrusted port members 2-20, enter the following commands:

5500(config)# interface fastEthernet 2-20
5500(config-if)# ip verify source
5500(config-if)# exit

Filters and QOS Configuration for Ethernet Routing Switch 5500, Technical Configuration Guide, January 2013, avaya.com
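The decisions that Dynamic ARP Inspection (section 8.2) and IP Source Guard (section 8.3) make against the DHCP snooping binding table, as an added illustration that is not Avaya's code or the switch's implementation: a small Python model of the binding table, the DAI check and the ISG check, run against constructed packets. The port names, MAC and IP addresses and binding entries are constructed for the example; the trusted uplink, the inspected VLANs 100 and 200 and the guarded port range 2-20 mirror the configuration above, and the last two cases show why a statically addressed host on an untrusted port is dropped.

```python
"""Model of the decisions Dynamic ARP Inspection (DAI) and IP Source Guard (ISG)
make against the DHCP snooping binding table.

Added illustration, not Avaya code. Port names, MAC and IP addresses and the
binding entries below are constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Binding:
    """One DHCP snooping binding: which (MAC, IP) a port in a VLAN may use."""
    vlan: int
    port: str
    mac: str
    ip: str


@dataclass
class Switch:
    trusted_ports: set = field(default_factory=set)         # 'ip arp-inspection trusted'
    arp_inspection_vlans: set = field(default_factory=set)  # 'ip arp-inspection vlan N'
    source_guard_ports: set = field(default_factory=set)    # 'ip verify source'
    bindings: list = field(default_factory=list)            # learned by DHCP snooping

    def learn(self, vlan, port, mac, ip):
        """Add a binding as DHCP snooping would after seeing a DHCP ACK."""
        self.bindings.append(Binding(vlan, port, mac.lower(), ip))

    def inspect_arp(self, vlan, port, sender_mac, sender_ip):
        """DAI: an ARP packet on an untrusted port in an inspected VLAN is
        forwarded only if its sender MAC/IP pair is in the binding table."""
        if port in self.trusted_ports or vlan not in self.arp_inspection_vlans:
            return "forward"
        ok = any(b.vlan == vlan and b.port == port
                 and b.mac == sender_mac.lower() and b.ip == sender_ip
                 for b in self.bindings)
        return "forward" if ok else "drop"

    def inspect_ip(self, port, src_ip):
        """ISG: an IP packet on a guarded untrusted port is forwarded only if
        its source IP address was leased to that port."""
        if port in self.trusted_ports or port not in self.source_guard_ports:
            return "forward"
        ok = any(b.port == port and b.ip == src_ip for b in self.bindings)
        return "forward" if ok else "drop"


def build_demo_switch():
    """Apply the guide's configuration: DAI on VLANs 100 and 200, one trusted
    uplink, ISG on access ports 2-20 (constructed port names)."""
    sw = Switch(trusted_ports={"24"},
                arp_inspection_vlans={100, 200},
                source_guard_ports={str(p) for p in range(2, 21)})
    # Constructed bindings: two DHCP clients on access ports.
    sw.learn(100, "5", "00:11:22:33:44:55", "10.1.100.50")
    sw.learn(200, "7", "00:aa:bb:cc:dd:ee", "10.1.200.60")
    return sw


def run_demo():
    """Run constructed packets through both checks and return the decisions."""
    sw = build_demo_switch()
    gateway_ip = "10.1.100.1"
    return {
        # The legitimate client announcing its own lease.
        "client_arp": sw.inspect_arp(100, "5", "00:11:22:33:44:55", "10.1.100.50"),
        # Port 5 claiming the gateway's IP with its own MAC (ARP cache poisoning).
        "poisoned_arp": sw.inspect_arp(100, "5", "00:11:22:33:44:55", gateway_ip),
        # Same claim arriving on the trusted uplink: DAI does not inspect trusted ports.
        "uplink_arp": sw.inspect_arp(100, "24", "00:11:22:33:44:55", gateway_ip),
        # VLAN 300 has no 'ip arp-inspection vlan' applied, so nothing is checked.
        "uninspected_vlan": sw.inspect_arp(300, "5", "00:11:22:33:44:55", gateway_ip),
        # ISG: packets sourced from the lease pass, a spoofed source IP is dropped.
        "client_ip": sw.inspect_ip("5", "10.1.100.50"),
        "spoofed_ip": sw.inspect_ip("5", "10.1.100.99"),
        # Host on port 9 with a static IP: no binding exists, so both features
        # drop it, which is the static-address caveat stated in the guide.
        "static_host_arp": sw.inspect_arp(100, "9", "00:de:ad:be:ef:00", "10.1.100.200"),
        "static_host_ip": sw.inspect_ip("9", "10.1.100.200"),
    }


if __name__ == "__main__":
    for name, decision in run_demo().items():
        print(f"{name:18s} {decision}")
```

The model keeps only what the guide states: a trusted port bypasses both checks, DAI applies per VLAN and matches the sender MAC/IP pair, and ISG applies per port and matches the source IP against that port's lease. Everything else a real switch does (rate limiting, logging, binding ageing) is out of scope here.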