Table of Contents
Advertisement
Web Interface
To bind an ACL to a port:
1. Click S
ECURITY
2. Select C
ONFIGURE
3. Select IP or MAC from the Type list.
4. Select a port.
5. Select the name of an ACL from the ACL list.
6. Click A
PPLY
14-8 ARP Inspection
ARP Inspection is a security feature that validates the MAC Address bindings for
Address Resolution Protocol packets. It provides protection against ARP traffic with
invalid MAC-to-IP address bindings, which forms the basis for certain
"man-in-the-middle" attacks. This is accomplished by intercepting all ARP requests and
responses and verifying each of these packets before the local ARP cache is updated or
the packet is forwarded to the appropriate destination. Invalid ARP packets are dropped.
ARP Inspection determines the validity of an ARP packet based on valid IP-to-MAC
address bindings stored in a trusted database – the DHCP snooping binding database
(see
"DHCP Snooping Configuration" on page
snooping if it is enabled on globally on the switch and on the required VLANs. ARP
Inspection can also validate ARP packets against user-configured ARP access control
lists (ACLs) for hosts with statically configured addresses (see
ACL" on page
14-56).
Command Usage
Enabling & Disabling ARP Inspection
•
ARP Inspection is controlled on a global and VLAN basis.
> ACL.
I
from the Step list.
NTERFACE
.
Figure 14-44. Binding a Port to an ACL
Chapter 14: Security Measures
14-91). This database is built by DHCP
14-59
"Configuring an ARP
- Quick Links:
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
