Arp Inspection - WAGO 852-1305 Manual

8/4-port 100base-t/1000base-sx/lx industrial-managed-switch, 8 ports 100base-t,4 slots 1000base-sx/lx

Hide thumbs

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

page of 314

/ 314
Contents
Table of Contents
Bookmarks

Table of Contents

WAGO-ETHERNET-Zubehör 852

852-1305 8/4-Port 100BASE-T/1000BASE-SX/LX

7.3.1.3

ARP Inspection

The dynamic "ARP Inspection" ("Address Resolution Protocol Inspection") is a

security function in which ARP packets are inspected in a network. Dynamic ARP

inspections validates the packet by performing IP-to-MAC address binding

inspection stored in a trusted database (the "DHCP Snooping" database) before

forwarding the packet. Dynamic ARP intercepts, logs, and discards ARP packets

with invalid IP-to-MAC address bindings. This function protects the network

from certain "Man-in-the-Middle" attacks.

Dynamic ARP inspection ensures that only valid ARP requests and responses are

relayed.

The switch executes the following processes:

•

Interception of all ARP requests and responses on untrusted ports.

•

Inspection of all intercepted packets for valid IP-to-MAC address binding

before updating the local ARP cache or forwarding a packet to the

respective destination.

Trusted Port and Untrusted Port

•

This setting is independent of the "Trusted/Untrusted" setting for "DHCP

Snooping".

•

The switch does not drop ARP packets from "Trusted Ports" for any reason.

•

The switch drops ARP packets from "Untrusted Ports" if the information

from the sender in the ARP packets does not match any current bindings.

•

Normally, the "Trusted Ports" are the "Uplink Ports" and the "Untrusted

Ports" are connected to subscribers.

Configurations

Users can enable/disable the ARP Inspection on the switch. It can also be

enabled/disabled on a specific VLAN. If ARP Inspection is disabled on the

switch, ARP Inspection is disabled on all VLANs, even if enabled for individual

VLAN.

Global State/VLAN State

There is a global state and individual VLAN states.

If the global state is disabled, ARP Inspection is disabled on the switch, even if

individual VLAN states are enabled.

If the global state for ARP Inspection is enabled, this function must be enabled by

the user for specific VLANs.

Manual

1.1.0

Enhanced Features

Table of Contents

Show Quick Links

Hide quick links:

Chapters

Table of Contents

Arp Inspection - WAGO 852-1305 Manual

ARP Inspection

Hide quick links:

Chapters

Related Manuals for WAGO 852-1305

Related Products for WAGO 852-1305

Table of Contents