Table of Contents
Advertisement
26.19.2.2 Trusted vs. Untrusted Ports
Every port is eit her a t rust ed port or an unt rust ed port for ARP inspect ion. This set t ing is
independent of t he t rust ed/ unt rust ed set t ing for DHCP snooping. You can also specify t he m axim um
rat e at which t he Swit ch receives ARP packet s on unt rust ed port s.
The Swit ch does not discard ARP packet s on t rust ed port s for any reason.
The Swit ch discards ARP packet s on unt rust ed port s in t he following sit uat ions:
•
The sender 's inform at ion in t he ARP packet does no t m at ch any of t he current bindings.
•
The rat e at which ARP packet s arrive is t oo high.
26.19.2.3 Syslog
The Swit ch can send syslog m essages t o t he specified syslog server (
when it forwards or discards ARP packet s. The Swit ch can consolidat e log m essages and send log
m essages in bat ches t o m ake t his m echanism m ore efficient .
26.19.2.4 Configuring ARP Inspection
Follow t hese st eps t o configure ARP inspect ion on t he Swit ch.
1
Configure DHCP snooping. See
Not e: I t is recom m ended you enable DHCP snooping at least one day before you enable
ARP inspect ion so t hat t he Swit ch has enough t im e t o build t he binding t able.
2
Enable ARP inspect ion on each VLAN.
3
Configure t rust ed and unt rust ed port s, and specify t he m axim um num ber of ARP packet s t hat each
port can receive per second.
Chapter 26 IP Source Guard
Sect ion 26.19.1.4 on page
GS2210 Series User's Guide
256
Chapt er 46 on page
255.
389)
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
