Chapter 12 | Security Measures
ARP Inspection

4. Click Apply.

Figure 210: Configuring Global Settings for ARP Inspection

Configuring VLAN Settings for ARP Inspection
Use the Security > ARP Inspection (Configure VLAN) page to enable ARP inspection
for any VLAN and to specify the ARP ACL to use.
Command Usage
ARP Inspection VLAN Filters (ACLs)
◆ By default, no ARP Inspection ACLs are configured and the feature is disabled.
◆ ARP Inspection ACLs are configured within the ARP ACL configuration page (see page 335).
◆ ARP Inspection ACLs can be applied to any configured VLAN.
◆ ARP Inspection uses the DHCP snooping bindings database for the list of valid IP-to-MAC address bindings. ARP ACLs take precedence over entries in the DHCP snooping bindings database. The switch first compares ARP packets to any specified ARP ACLs.
◆ If Static is specified, ARP packets are only validated against the selected ACL – packets are filtered according to any matching rules, packets not matching any rules are dropped, and the DHCP snooping bindings database check is bypassed.
◆ If Static is not specified, ARP packets are first validated against the selected ACL; if no ACL rules match the packets, then the DHCP snooping bindings database determines their validity.
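The following added example (not part of the original manual and not the switch's own code) models the validation order described above, so the effect of the Static setting can be checked against a planned ACL before it is applied. The rule shape, first-match evaluation, permit/deny actions and all addresses are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class ArpAclRule(NamedTuple):      # hypothetical rule shape, not the switch's format
    action: str                    # "permit" or "deny"
    sender_ip: Optional[str]       # None matches any sender IP
    sender_mac: Optional[str]      # None matches any sender MAC (lower case)

def acl_verdict(rules, ip, mac):
    """Action of the first rule matching the ARP sender fields, else None."""
    for rule in rules:
        if rule.sender_ip in (None, ip) and rule.sender_mac in (None, mac):
            return rule.action
    return None

def inspect_arp(ip, mac, rules, static, bindings):
    """Return (decision, reason) for one ARP packet on an inspected VLAN."""
    mac = mac.lower()
    verdict = acl_verdict(rules, ip, mac)
    if verdict is not None:        # the ACL is always compared first
        return ("forward" if verdict == "permit" else "drop", "acl-" + verdict)
    if static:                     # Static: bindings check is bypassed
        return ("drop", "static-no-acl-match")
    if bindings.get(ip) == mac:    # not Static: DHCP snooping bindings decide
        return ("forward", "dhcp-binding")
    return ("drop", "no-binding")

# Constructed sample data (documentation addresses, made-up MACs).
GATEWAY = ("192.0.2.1", "00:11:22:33:44:55")
ACL = [ArpAclRule("permit", *GATEWAY), ArpAclRule("deny", "192.0.2.1", None)]
BINDINGS = {"192.0.2.20": "00:aa:bb:cc:dd:ee",   # ordinary DHCP client
            "192.0.2.1": "00:de:ad:be:ef:01"}    # binding that conflicts with the ACL

def demo():
    packets = [GATEWAY, ("192.0.2.20", "00:aa:bb:cc:dd:ee"),
               ("192.0.2.1", "00:de:ad:be:ef:01"), ("192.0.2.99", "00:00:00:00:00:99")]
    return [(ip, mac, static, *inspect_arp(ip, mac, ACL, static, BINDINGS))
            for ip, mac in packets for static in (False, True)]

if __name__ == "__main__":
    for row in demo():
        print("%-11s %s static=%-5s -> %s (%s)" % row)
```

In this model the DHCP client at 192.0.2.20 is forwarded only when Static is not specified, and the conflicting binding for 192.0.2.1 never overrides the ACL.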
Parameters
These parameters are displayed:
◆ VLAN – VLAN identifier. (Range: 1-4094)
– 344 –