Ip Arp Inspection Validate - Alcatel OS-LS-6224 User Manual

For untrusted interfaces, the switch intercepts all ARP requests and
responses. It verifies that the intercepted packets have valid IP-to-MAC
address bindings before updating the local cache and before forwarding the
packet to the appropriate destination. The switch drops invalid packets and
logs them in the log buffer according to the logging configuration specified with
the ip arp inspection log-buffer vlan Global Configuration mode command.
Example
The following example configures an ARP inspection trust state on port 1/e16.
Console # (config)# interface ethernet 1/e16
Console # (config-if)# ip arp inspection trust
Console # (config-if)#

ip arp inspection validate

Use the ip arp inspection validate Global Configuration command to perform
specific checks for dynamic Address Resolution Protocol (ARP) inspection. Use the
no form of this command to return to the default settings.
Syntax
ip arp inspection validate
no ip arp inspection validate
Default Configuration
The default configuration is set to disabled.
Command Mode
Global Configuration mode
Command Usage
The following are performed:
• Source MAC: Compare the source MAC address in the Ethernet header
against the sender MAC address in the ARP body. This check is performed
on both ARP requests and responses.
• Destination MAC: Compare the destination MAC address in the Ethernet
header against the target MAC address in ARP body. This check is
performed for ARP responses.
• IP addresses: Compare the ARP body for invalid and unexpected IP
addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP
multicast addresses.
Example
The following example validates ARP inspection.
Console # (config)# ip arp inspection validate
Console # (config)#
DHCP Snooping, IP Source Guard and ARP Inspection Commands
4
659