ProCurve(config)# debug arp-protect
1. ARP request is valid
"DARPP: Allow ARP request 000000-000001,10.0.0.1 for 10.0.0.2 port A1,
vlan "
2. ARP request detected with an invalid binding
"DARPP: Deny ARP request 000000-000003,10.0.0.1 port A1, vlan 1"
3. ARP response with a valid binding
"DARPP: Allow ARP reply 000000-000002,10.0.0.2 port A2, vlan 1"
4.ARP response detected with an invalid binding
"DARPP: Deny ARP reply 000000-000003,10.0.0.2 port A2, vlan 1"
Figure 8-3. Example of debug arp-protect Command
Monitoring Dynamic ARP Protection
When dynamic ARP protection is enabled, you can monitor and troubleshoot
the validation of ARP packets with the debug arp-protect command. Use this
command when you want to debug the following conditions:
■
The switch is dropping valid ARP packets that should be allowed.
The switch is allowing invalid ARP packets that should be dropped.
■
Dynamic IP Lockdown
The Dynamic IP Lockdown feature is used to prevent IP source address
spoofing on a per-port and per-VLAN basis. When dynamic IP lockdown is
enabled, IP packets in VLAN traffic received on a port are forwarded only if
they contain a known source IP address and MAC address binding for the port.
The IP-to-MAC address binding can either be statically configured or learned
by the DHCP Snooping feature.
Configuring Advanced Threat Protection
Dynamic IP Lockdown
8-23