Table of Contents
Advertisement
Configuring Security
Configuring Dynamic ARP Inspection
STEP 2
STEP 1
STEP 2
STEP 3
Cisco 220 Series Smart Plus Switches Administration Guide Release 1.0.0.x
•
IP-MAC Mismatch Failures —Total number of ARP packets that the IP
address does not match the MAC address.
Click Refresh to refresh the data in the table, or click Clear to clear all ARP
Inspection statistics.
Configuring ARP Inspection VLAN Settings
Use the VLAN Settings page to enable ARP Inspection on VLANs. In the Enabled
VLAN table, users assign static ARP Inspection lists to enabled VLANs. When a
packet passes through an untrusted interface which is enabled for ARP Inspection,
the switch performs the following checks in order:
•
Determines if the packet's IP address and MAC address exist in the static
ARP Inspection list. If the addresses match, the packet passes through the
interface.
•
If the switch does not find a matching IP address, but DHCP Snooping is
enabled on the VLAN, the switch checks the DHCP Snooping database for
the IP address-VLAN match. If the entry exists in the DHCP Snooping
database, the packet passes through the interface.
•
If the packet's IP address is not listed in the ARP Inspection list or the DHCP
Snooping database, the switch rejects the packet.
To define ARP Inspection on VLANs:
Click Security > ARP Inspection > VLAN Settings.
Select the VLANs from the Avaliable VLANs column and add them to the Enabled
VLANs column.
Click Apply. ARP Inspection settings are applied on the selected VLANs, and the
Running Configuration is updated.
16
223
Advertisement
Table of Contents
