packets not matching any rules are dropped, and the DHCP snooping
bindings database check is bypassed.
If Static is not specified, ARP packets are first validated against the
◆
selected ACL; if no ACL rules match the packets, then the DHCP
snooping bindings database determines their validity.
P
ARAMETERS
These parameters are displayed in the web interface:
ARP Inspection VLAN ID – Selects any configured VLAN. (Default: 1)
◆
ARP Inspection VLAN Status – Enables ARP Inspection for the
◆
selected VLAN. (Default: Disabled)
ARP Inspection ACL Name
◆
ARP ACL – Allows selection of any configured ARP ACLs.
■
(Default: None)
Static – When an ARP ACL is selected, and static mode also
■
selected, the switch only performs ARP Inspection and bypasses
validation against the DHCP Snooping Bindings database. When an
ARP ACL is selected, but static mode is not selected, the switch first
performs ARP Inspection and then validation against the DHCP
Snooping Bindings database. (Default: Disabled)
W
I
EB
NTERFACE
To configure VLAN settings for ARP Inspection:
Click Security, ARP Inspection.
1.
Select Configure VLAN from the Step list.
2.
Enable ARP inspection for the required VLANs, select an ARP ACL filter
3.
to check for configured addresses, and select the Static option to
bypass checking the DHCP snooping bindings database if required.
Click Apply.
4.
Figure 164: Configuring VLAN Settings for ARP Inspection
– 305 –
| Security Measures
C
13
HAPTER
ARP Inspection