Table of Contents
Advertisement
set arpinspection validate
set arpinspection validate
Use this command to configure additional optional ARP validation parameters.
Syntax
set arpinspection validate {[src-mac] [dst-mac] [ip]}
Parameters
src‐mac
dst‐mac
ip
Defaults
All parameters are optional, but at least one parameter must be specified.
Mode
Switch command, read‐write.
Usage
This command adds additional validation of ARP packets by DAI, beyond the basic validation
that the ARP packet's sender MAC address and sender IP address match an entry in the DHCP
snooping bindings database.
Example
This example adds the optional verification that sender MAC addresses are the same as the source
MAC addresses in the Ethernet headers of ARP packets.
C2(su)->set arpinspection validate src-mac
set arpinspection limit
Use this command to configure rate limiting parameters for incoming ARP packets on a port or
ports
Syntax
set arpinspection limit port port-string {none | rate pps {burst interval secs]}
17-22 DHCP Snooping and Dynamic ARP Inspection
Specifies that DAI should verify that the sender MAC address equals
the source MAC address in the Ethernet header.
Specifies that DAI should verify that the target MAC address equals the
destination MAC address in the Ethernet header.
This check only applies to ARP responses, since the target MAC address
is unspecified in ARP requests.
Specifies that DAI should check the IP address and drop ARP packets
with an invalid address. An invalid address is one of the following:
• 0.0.0.0
• 255.255.255.255
• All IP multicast addresses
• All class E addresses (240.0.0.0/4)
• Loopback addresses (in the range 127.0.0.0/8)
Advertisement
Table of Contents
Need help?
Do you have a question about the SecureStack C2 C2G170-24 and is the answer not in the manual?