Ip arp inspection validate – Dell POWEREDGE M1000E User Manual


Cisco Catalyst Blade Switch 3130 and 3032 for Dell Command Reference

OL-13271-03

Chapter 2 Cisco Catalyst Blade Switch 3130 and 3032 for Dell Cisco IOS Commands

ip arp inspection validate

Use the ip arp inspection validate global configuration command on the switch stack or on a standalone
switch to perform specific checks for dynamic Address Resolution Protocol (ARP) inspection. Use the
no form of this command to return to the default settings.

ip arp inspection validate {[src-mac] [dst-mac] [ip [allow-zeros]]}

no ip arp inspection validate [src-mac] [dst-mac] [ip [allow-zeros]]

This command is supported only if your switch is running the IP services feature set.

Syntax Description

src-mac

Compare the source MAC address in the Ethernet header against the sender MAC
address in the ARP body. This check is performed on both ARP requests and
responses.

When enabled, packets with different MAC addresses are classified as invalid and are
dropped.

dst-mac

Compare the destination MAC address in the Ethernet header against the target MAC
address in the ARP body. This check is performed for ARP responses.

When enabled, packets with different MAC addresses are classified as invalid and are
dropped.

ip

Compare the ARP body for invalid and unexpected IP addresses. Addresses include
0.0.0.0, 255.255.255.255, and all IP multicast addresses.

Sender IP addresses are compared in all ARP requests and responses. Target IP
addresses are checked only in ARP responses.

allow-zeros

Modifies the IP validation test so that ARPs with a sender address of 0.0.0.0 (ARP
probes) are not denied.

Defaults

No checks are performed.

Command Modes

Global configuration

Command History

Release        Modification
12.2(40)EX1    This command was introduced.

Usage Guidelines

You must specify at least one of the keywords. Each command overrides the configuration of the
previous command; that is, if a command enables src-mac and dst-mac validations, and a second
command enables IP validation only, the src-mac and dst-mac validations are disabled as a result of the
second command.
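
The src-mac, dst-mac, ip and allow-zeros checks described on this page, modeled in Python as an added example (not Cisco code and not part of the original manual). The function names and sample frames are constructed for illustration, and the model assumes untagged Ethernet II frames and treats only opcode 2 as a response.

```python
import ipaddress
import struct

def build(eth_dst, eth_src, oper, sha, spa, tha, tpa):
    """Build a constructed Ethernet II + ARP frame (sample input only)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: ipaddress.IPv4Address(s).packed
    hdr = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
    return mac(eth_dst) + mac(eth_src) + hdr + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(frame):
    """Parse an untagged Ethernet II frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, etype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if etype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP frame")
    return {"eth_dst": eth_dst, "eth_src": eth_src, "reply": oper == 2,
            "sha": sha, "spa": ipaddress.IPv4Address(spa),
            "tha": tha, "tpa": ipaddress.IPv4Address(tpa)}

def bad_ip(addr, allow_zero=False):
    """0.0.0.0, 255.255.255.255 and multicast are invalid in an ARP body."""
    if int(addr) == 0:
        return not allow_zero
    return int(addr) == 0xFFFFFFFF or addr.is_multicast

def validate(frame, checks):
    """Return the checks that would drop this frame (empty list = passes)."""
    p, failed = parse_arp(frame), []
    if "src-mac" in checks and p["eth_src"] != p["sha"]:
        failed.append("src-mac")          # requests and responses
    if "dst-mac" in checks and p["reply"] and p["eth_dst"] != p["tha"]:
        failed.append("dst-mac")          # responses only
    if "ip" in checks and (bad_ip(p["spa"], "allow-zeros" in checks)
                           or (p["reply"] and bad_ip(p["tpa"]))):
        failed.append("ip")               # target IP checked in responses only
    return failed

# Constructed sample frames (locally administered MACs, documentation IPs).
PROBE = build("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", 1, "02:00:00:00:00:01",
              "0.0.0.0", "00:00:00:00:00:00", "192.0.2.10")
MISMATCH = build("02:00:00:00:00:01", "02:00:00:00:00:02", 2, "02:00:00:00:00:99",
                 "192.0.2.1", "02:00:00:00:00:01", "192.0.2.10")
```

validate(MISMATCH, {"ip"}) returns an empty list, which is the result of the override behaviour in the Usage Guidelines when a later command enables IP validation only; specify every wanted keyword in a single command to keep all checks active.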
