Configuring Dynamic Arp Inspection - Dell PowerConnect 8024 User Configuration Manual

Configuring Dynamic ARP Inspection

Beginning in Privileged EXEC mode, use the following commands to
configure DAI settings on the switch.
Command
configure
ip arp inspection vlan
vlan-range [logging]
ip arp inspection
validate {[src-mac] [dst-
mac] [ip]}
acl-name
arp access-list
sender-ip
permit ip host
sender-mac
mac host
exit
Purpose
Enter global configuration mode.
Enable Dynamic ARP Inspection on a single VLAN or a
range of VLANs. Use the logging keyword to enable
logging of invalid packets.
Enable additional validation checks like source MAC
address validation, destination MAC address validation, or
IP address validation on the received ARP packets.
Each command overrides the configuration of the
previous command. For example, if a command enables
source MAC address and destination validations and a
second command enables IP address validation only, the
source MAC address and destination MAC address
validations are disabled as a result of the second
command.
• src-mac—For validating the source MAC address of an
ARP packet.
• dst-mac—For validating the destination MAC address of
an ARP packet.
• ip—For validating the IP address of an ARP packet.
Create an ARP ACL with the specified name (1–31
characters) and enter ARP Access-list Configuration mode
for the ACL.
Configure a rule for a valid IP address and MAC address
combination used in ARP packet validation.
sender-ip
• — Valid IP address used by a host.
sender-mac
• —Valid MAC address in combination with
the above sender-ip used by a host.
Exit to Global Config mode.
Snooping and Inspecting Traffic
785