Configuring Arp Inspection; Command Usage; Configuring Global And Port Settings For Arp Inspection - AMX NXA-ENET8-2POE Operation/Reference Manual

Gigabit Ethernet Layer 2 PoE Switch

Configuring the NXA-ENET8-2POE

Configuring ARP Inspection

ARP Inspection is a security feature that validates the MAC address bindings for Address Resolution Protocol
packets. It provides protection against ARP traffic with invalid MAC-to-IP address bindings, which forms the
basis for certain man-in-the-middle attacks. This is accomplished by intercepting all ARP requests and
responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded
to the appropriate destination. Invalid ARP packets are dropped.

ARP Inspection determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored
in a trusted database, the DHCP snooping binding database (see "Configuring DHCP Snooping"). This
database is built by DHCP snooping if it is enabled globally on the switch and on the required ports. ARP
Inspection can also validate ARP packets against statically configured addresses.

Command Usage

Enabling & Disabling ARP Inspection

• ARP Inspection is controlled on a global and port basis.
• By default, ARP Inspection is disabled both globally and on all ports.
• If ARP Inspection is globally enabled, then it becomes active only on the ports where it has been enabled.
• When ARP Inspection is enabled globally, all ARP request and reply packets on inspection-enabled ports are redirected to the CPU and their switching behavior handled by the ARP Inspection engine.
• If ARP Inspection is disabled globally, then it becomes inactive for all ports, including those where inspection is enabled.
• When ARP Inspection is disabled, all ARP request and reply packets will bypass the ARP Inspection engine and their switching behavior will match that of all other packets.
• Disabling and then re-enabling global ARP Inspection will not affect the ARP Inspection configuration of any ports.
• When ARP Inspection is disabled globally, it is still possible to configure ARP Inspection for individual ports. These configuration changes will only become active after ARP Inspection is enabled globally again.
• ARP Inspection uses the DHCP snooping bindings database for the list of valid IP-to-MAC address bindings. DHCP snooping must be enabled for dynamic clients to be learned automatically.

Configuring Global and Port Settings For ARP Inspection

Use the ARP Inspection Configuration page to enable ARP inspection globally for the switch and for any ports
on which it is required.

FIG. 60 ARP Inspection Configuration

ARP Inspection Configuration parameters

ARP Inspection Configuration
• Mode: Enables Dynamic ARP Inspection globally. (Default: Disabled)
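
The following Python sketch is an added example, not taken from the manual or from the switch firmware. It models the decision described above: inspection applies only when enabled both globally and on the ingress port, and the sender IP-to-MAC pair of each ARP packet is checked against a trusted binding table. The function names, the sample bindings and addresses, and the choice to drop malformed payloads are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed sample bindings (assumption): sender IP -> MAC, as DHCP
# snooping or statically configured entries would provide them.
BINDINGS = {
    ipaddress.ip_address("192.0.2.10"): "00:11:22:33:44:55",
    ipaddress.ip_address("192.0.2.20"): "00:11:22:33:44:66",
}

def parse_arp(payload: bytes):
    """Return (sender MAC, sender IP) from a 28-byte Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha = ":".join(f"{b:02x}" for b in payload[8:14])
    spa = ipaddress.ip_address(payload[14:18])
    return sha, spa

def inspect(payload, port, global_enabled, port_enabled, bindings=BINDINGS):
    """Model the outcome for one ARP packet: 'bypass', 'forward' or 'drop'."""
    # Inspection is active only when enabled globally AND on the ingress port.
    if not (global_enabled and port in port_enabled):
        return "bypass"
    try:
        sha, spa = parse_arp(payload)
    except ValueError:
        return "drop"  # assumption: malformed packets count as invalid
    # Valid only if the sender IP maps to exactly this MAC in the table.
    return "forward" if bindings.get(spa) == sha else "drop"

def make_arp(oper, sha, spa, tha="00:00:00:00:00:00", tpa="192.0.2.1"):
    """Build a constructed ARP payload for the demonstration."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.ip_address(a).packed
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return header + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

if __name__ == "__main__":
    good = make_arp(2, "00:11:22:33:44:55", "192.0.2.10")
    spoof = make_arp(2, "de:ad:be:ef:00:01", "192.0.2.10")
    for name, pkt in (("good", good), ("spoof", spoof)):
        print(name, inspect(pkt, 1, True, {1}), inspect(pkt, 1, False, {1}))
```

With the global setting off, the spoofed reply is reported as "bypass", which shows why a per-port setting alone gives no protection until inspection is enabled globally.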