Cisco 500 series Administration Manual page 344

Configuring Security
Dynamic ARP Inspection
STEP 1
STEP 2
STEP 3
STEP 4
STEP 1
Cisco 500 Series Stackable Managed Switch Administration Guide
ARP Inspection Work Flow
To configure ARP Inspection:
Enable ARP Inspection and configure various options in the Security > ARP
Inspection > Properties page.
Configure interfaces as ARP trusted or untrusted in the Security > ARP Inspection
> Interface Setting page.
Add rules in the Security > ARP Inspection > ARP Access Control and ARP Access
Control Rules pages.
Define the VLANs on which ARP Inspection is enabled and the Access Control
Rules for each VLAN in the Security > ARP Inspection > VLAN Settings page.
Defining ARP Inspection Properties
To configure ARP Inspection:
Click Security > ARP Inspection > Properties. The
Enter the following fields:
• ARP Inspection Status—Select to enable ARP Inspection.
• ARP Packet Validation—Select to enable the following validation checks:
- Source MAC — Compares the packet's source MAC address in the
Ethernet header against the sender's MAC address in the ARP request.
This check is performed on both ARP requests and responses.
- Destination MAC — Compares the packet's destination MAC address in
the Ethernet header against the destination interface's MAC address.
This check is performed for ARP responses.
- IP Addresses — Compares the ARP body for invalid and unexpected IP
addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP
Multicast addresses.
• Log Buffer Interval—Select one of the following options:
- Retry Frequency—Enable sending SYSLOG messages for dropped
packets. Entered the frequency with which the messages are sent.
Properties
page is displayed.
18
344