D-Link DXS-3600 Series Reference Manual page 443
Dxs-3600 series layer 2/3 managed 10gigabit ethernet switch
Hide thumbs
Also See for DXS-3600 Series:
- Cli reference manual (1456 pages) ,
- Reference manual (680 pages) ,
- Hardware installation manual (55 pages)
Table of Contents
Advertisement
DXS-3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide
This command is used to specify the additional checks to be performed during an ARP inspection check.
Use the no form of the command to remove specific additional check.
ip arp inspection validate [src-mac] [dst-mac] [ip]
no ip arp inspection validate [src-mac] [dst-mac] [ip]
Parameters
src-mac
dst-mac
ip
Default
By default, this option is disabled.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
Use this command to specify the additional checks to be performed during the dynamic ARP inspection
check. The specified check will be performed on packets arriving at the untrusted interface and belong to
the VLANs that are enabled for IP ARP inspection. If no parameters are specified, all options are enabled
or disabled. Use the no form of the command with the specific option to disable the specific type of check.
Example
This example shows how to enable source MAC validation.
Switch# configure terminal
Switch(config)# ip arp inspection validate src-mac
Switch(config)#
33-9 ip arp inspection vlan
This command is used to enable specific VLANs for dynamic ARP inspection. Use the no form of the
command disable dynamic ARP inspection for VLAN.
ip arp inspection vlan VLAN-ID [, | -]
no ip arp inspection vlan VLAN-ID [, | -]
(Optional) Specifies to check for ARP requests and response packets
and the consistency of the source MAC address in the Ethernet header
against the sender MAC address in the ARP payload.
(Optional) Specifies to check for ARP response packets and the
consistency of the destination MAC address in the Ethernet header
against the target MAC address in the ARP payload.
(Optional) Specifies to check the ARP body for invalid and unexpected
IP addresses. Specifies to check the validity of IP address in the ARP
payload. The sender IP in both the ARP request and response and
target IP in the ARP response are validated. Packets destined for the
IP addresses 0.0.0.0, 255.255.255.255, and all IP multicast addresses
are dropped. Sender IP addresses are checked in all ARP requests
and responses, and target IP addresses are checked only in ARP
responses.
443
Advertisement
Table of Contents
