Bypass the ARP Inspection; Source Address Validation - Dell Force10 MXL Blade Configuration Manual

Configuration guide for the MXL 10/40GbE Switch IO Module

To see how many valid and invalid ARP packets have been processed, use the
show arp inspection statistics command (Figure 9-13).

Figure 9-13. Command example:
FTOS#show arp inspection statistics
Dynamic ARP Inspection (DAI) Statistics
---------------------------------------
Valid ARP Requests   : 0
Valid ARP Replies    : 1000
Invalid ARP Requests : 1000
Invalid ARP Replies  : 0
FTOS#

Bypass the ARP Inspection

You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in
multi-switch environments. ARPs received on trusted ports bypass validation against the binding table. All
ports are untrusted by default.

Task: Specify an interface as trusted so that ARPs are not validated against the binding table.
Command Syntax: arp inspection-trust
Command Mode: INTERFACE

FTOS Behavior: Introduced in FTOS version 8.2.1.0, DAI was available for Layer 3 only. FTOS
version 8.2.1.1 extends DAI to Layer 2.

Source Address Validation

Using the DHCP binding table, FTOS can perform three types of source address validation (SAV):
• IP Source Address Validation: prevents IP spoofing by forwarding only IP packets that
  have been validated against the DHCP binding table.
• DHCP MAC Source Address Validation: verifies a DHCP packet's source hardware
  address matches the client hardware address field (CHADDR) in the payload.
• IP+MAC Source Address Validation: verifies that the IP source address and MAC source
  address are a legitimate pair.
