Table of Contents
Advertisement
Raisecom
ISCOM2600G-HI (A) Series Configuration Guide
Dynamic ARP inspection can also protect the specified VLAN. After the protection VLAN is
configured, the ARP packets in specified VLAN on an untrusted interface will be protected.
Only the ARP packets, which meet binding table rules, are permitted to pass. Other packets
are discarded.
10.3.2 Preparing for configurations
Scenario
Dynamic ARP inspection is used to prevent common ARP spoofing attacks on the network,
which isolates ARP packets from unsafe sources. Whether to trust ARP packets depend on the
trusting status of an interface while ARP packets meet requirements depends on the ARP
binding table.
Prerequisite
Enable DHCP Snooping if there is a DHCP user.
10.3.3 Default configurations of dynamic ARP inspection
Default configurations of dynamic ARP inspection are as below.
Dynamic ARP inspection interface trust status
Dynamic ARP inspection static binding
Dynamic ARP inspection dynamic binding
Dynamic ARP inspection static binding table
Dynamic ARP inspection protection VLAN
Interface rate limiting on ARP packets
10.3.4 Configuring trusted interfaces of dynamic ARP inspection
Configure trusted interfaces of dynamic ARP inspection for the ISCOM2600G-HI series
switch as below.
1
2
The system provides auto-recovery and supports configuring the recovery time. The
interfaces, where the number of received ARP packets is greater than the threshold, will
recover to normal Rx/Tx status automatically after the recovery time expires.
Step
Command
Raisecom#config
Raisecom(config)#interface
interface-type interface-
number
Raisecom Proprietary and Confidential
Copyright © Raisecom Technology Co., Ltd.
Function
Enter global configuration mode.
Enter physical layer interface configuration
mode.
10 Security
Default value
Untrusted
Disable
Disable
N/A
All VLANs
60 pps
Description
412
Advertisement
Table of Contents
