Siemens S223 User Manual

UMN:CLI User Manual

SURPASS hiD 6615 S223/S323 R1.5

168 A50010-Y3-C150-2-7619

You can configure the switch to perform additional checks on the destination MAC ad-
dress, the sender and target IP address and the source MAC address.

Command Mode

Description

ip arp inspection validate

{src-

mac

| dst-mac | ip}

Inspects specific check on incoming ARP packets.
src-mac: checks the source MAC address. Packets
with different MAC addresses are classified as invalid
are dropped.
dst-mac: checks the destination MAC address. Packets
with different MAC addresses are classified as invalid
are dropped.
ip: checks the unexpected IP address.

ip arp inspection filter

NAME

vlan

VLAN

Applies ARP ACL to the VLAN.
NAME: ARP ACL name. It is created with the arp ac-

cess-list

NAME command.

ip arp inspection trust port

PORTS

Global

Configures a connection between switches as trusted.
PORTS: trusted port number.

To remove the specific ARP Inspection configuration, use the following commands

Command Mode

Description

no ip arp inspection validate

{src-mac | dst-mac | ip}

no ip arp inspection filter

NAME

vlan

VLAN

no ip arp inspection trust port

PORTS

Global Removes

specific

ARP

inspection configuration.

To display checking and statistics, use the following command.

Command Mode

Description

show ip arp inspection

[vlan

VLAN

]

show ip arp inspection statistics

[vlan VLAN]

show ip arp inspection trust

[port PORTS]

Enable

Global
Bridge

Displays the information of ARP inspection.

To clear ARP inspection mapping counter and statistics, use the following command.

Command Mode

Description

clear ip arp inspection statistics

[vlan VLAN]

Global
Bridge

Clears ARP inspection statistics.