26.19.2.2 Trusted vs. Untrusted Ports
Every port is either a trusted port or an untrusted port for ARP inspection. This setting is
independent of the trusted/untrusted setting for DHCP snooping. You can also specify the maximum
rate at which the Switch receives ARP packets on untrusted ports.
The Switch does not discard ARP packets on trusted ports for any reason.
The Switch discards ARP packets on untrusted ports in the following situations:
• The sender's information in the ARP packet does not match any of the current bindings.
• The rate at which ARP packets arrive is too high.
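The following model of the forward/discard decision described above is an added example, not code from the User's Guide or the Switch firmware. It assumes a binding is keyed on (MAC address, VLAN, IP address, port) and that the rate limit is counted in fixed one-second windows; the class and field names are hypothetical.

```python
from collections import defaultdict
from typing import NamedTuple

class Arp(NamedTuple):
    t: float           # arrival time, seconds
    port: int          # ingress port
    vlan: int
    sender_mac: str
    sender_ip: str

class ArpInspector:
    """Simplified model; the binding key (MAC, VLAN, IP, port) is an assumption."""
    def __init__(self, bindings, trusted_ports, max_pps):
        self.bindings = set(bindings)
        self.trusted = set(trusted_ports)
        self.max_pps = max_pps                      # {untrusted port: ARP packets/second}
        self.window = defaultdict(lambda: (-1, 0))  # port -> (second, packets seen)

    def inspect(self, p):
        if p.port in self.trusted:                  # never discarded, for any reason
            return "forward", "trusted port"
        sec, count = self.window[p.port]
        count = count + 1 if sec == int(p.t) else 1
        self.window[p.port] = (int(p.t), count)
        if count > self.max_pps.get(p.port, float("inf")):
            return "discard", "rate too high"
        if (p.sender_mac, p.vlan, p.sender_ip, p.port) not in self.bindings:
            return "discard", "no matching binding"
        return "forward", "binding matched"

# Constructed sample data (documentation addresses, made-up MACs).
HOST = ("00:11:22:33:44:55", 10, "192.0.2.10", 3)
PACKETS = [
    Arp(0.1, 1, 10, "00:aa:bb:cc:dd:01", "192.0.2.1"),   # uplink, trusted, no binding
    Arp(0.2, 3, 10, HOST[0], HOST[2]),                   # bound host on its own port
    Arp(0.3, 4, 10, "00:11:22:33:44:66", HOST[2]),       # claims the host's IP from port 4
    Arp(0.4, 3, 10, HOST[0], HOST[2]),
    Arp(0.5, 3, 10, HOST[0], HOST[2]),                   # third packet within one second
    Arp(1.2, 3, 10, HOST[0], HOST[2]),                   # next second, counter restarts
]

def run_sample():
    sw = ArpInspector([HOST], trusted_ports=[1], max_pps={3: 2, 4: 2})
    return [sw.inspect(p) for p in PACKETS]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, run_sample()):
        print(pkt.port, pkt.sender_ip, *verdict)
```

The first packet shows why the trusted setting matters: a trusted port forwards ARP packets that have no binding at all, so only ports that lead to infrastructure you control should be marked trusted.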
26.19.2.3 Syslog
The Switch can send syslog messages to the specified syslog server (Chapter 46 on page 389)
when it forwards or discards ARP packets. The Switch can consolidate log messages and send log
messages in batches to make this mechanism more efficient.
26.19.2.4 Configuring ARP Inspection
Follow these steps to configure ARP inspection on the Switch.
1 Configure DHCP snooping. See Section 26.19.1.4 on page 255.
Note: It is recommended you enable DHCP snooping at least one day before you enable
ARP inspection so that the Switch has enough time to build the binding table.
2 Enable ARP inspection on each VLAN.
3 Configure trusted and untrusted ports, and specify the maximum number of ARP packets that each
port can receive per second.
Chapter 26 IP Source Guard
GS2210 Series User's Guide
256