Cisco 7604 Configuration Manual page 584
Ios software configuration guide
Hide thumbs
Also See for 7604:
- Configuration manual (742 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Configuring DAI
•
These are the additional validations:
This example shows how to enable src-mac additional validation:
Router# configure terminal
Enter configuration commands, one per line.
Router(config)# ip arp inspection validate src-mac
Router(config)# do show ip arp inspection | include abled$
Source Mac Validation
Destination Mac Validation : Disabled
IP Address Validation
This example shows how to enable dst-mac additional validation:
Router# configure terminal
Enter configuration commands, one per line.
Router(config)# ip arp inspection validate dst-mac
Router(config)# do show ip arp inspection | include abled$
Source Mac Validation
Destination Mac Validation : Enabled
IP Address Validation
This example shows how to enable ip additional validation:
Router# configure terminal
Enter configuration commands, one per line.
Router(config)# ip arp inspection validate ip
Router(config)# do show ip arp inspection | include abled$
Source Mac Validation
Destination Mac Validation : Disabled
IP Address Validation
This example shows how to enable src-mac and dst-mac additional validation:
Router# configure terminal
Enter configuration commands, one per line.
Router(config)# ip arp inspection validate src-mac dst-mac
Router(config)# do show ip arp inspection | include abled$
Source Mac Validation
Destination Mac Validation : Enabled
IP Address Validation
This example shows how to enable src-mac, dst-mac, and ip additional validation:
Router# configure terminal
Enter configuration commands, one per line.
Router(config)# ip arp inspection validate src-mac dst-mac ip
Router(config)# do show ip arp inspection | include abled$
Source Mac Validation
Destination Mac Validation : Enabled
IP Address Validation
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
38-12
dst-mac—Checks the destination MAC address in the Ethernet header against the target MAC
–
address in ARP body. This check is performed for ARP responses. When enabled, packets with
different MAC addresses are classified as invalid and are dropped.
–
ip—Checks the ARP body for invalid and unexpected IP addresses. Addresses include 0.0.0.0,
255.255.255.255, and all IP multicast addresses. Sender IP addresses are checked in all ARP
requests and responses, and target IP addresses are checked only in ARP responses.
src-mac—Checks the source MAC address in the Ethernet header against the sender MAC
–
address in the ARP body. This check is performed on both ARP requests and responses. When
enabled, packets with different MAC addresses are classified as invalid and are dropped.
: Enabled
: Disabled
: Disabled
: Disabled
: Disabled
: Enabled
: Enabled
: Disabled
: Enabled
: Enabled
Chapter 38
Configuring Dynamic ARP Inspection
End with CNTL/Z.
End with CNTL/Z.
End with CNTL/Z.
End with CNTL/Z.
End with CNTL/Z.
OL-4266-08
- Quick Links:
- Supported Hardware and Software
Hide quick links:
Advertisement
Chapters
Table of Contents
