LevelOne FGL-2870 User Manual

Configuring the Switch

ARP Inspection Logging
• By default, logging is active for ARP Inspection, and cannot be disabled.
• The administrator can configure the log facility rate.
• When the switch drops a packet, it places an entry in the log buffer, then generates a system message on a rate-controlled basis. After the system message is generated, the entry is cleared from the log buffer.
• Each log entry contains flow information, such as the receiving VLAN, the port number, the source and destination IP addresses, and the source and destination MAC addresses.
• If multiple, identical invalid ARP packets are received consecutively on the same VLAN, then the logging facility will only generate one entry in the log buffer and one corresponding system message.
• If the log buffer is full, the oldest entry will be replaced with the newest entry.
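
The logging behaviour listed above, modelled as an added Python example (not LevelOne code or switch firmware). The buffer size, the message rate, the `tick` interval and the rule that duplicate suppression lasts until a different packet is dropped are assumptions, and the sample flows are constructed.

```python
from collections import deque, namedtuple

# Flow fields the manual lists for each log entry.
Entry = namedtuple("Entry", "vlan port src_ip dst_ip src_mac dst_mac")

class ArpInspectionLog:
    """Model of the drop log; buffer size and message rate are assumed values."""
    def __init__(self, buffer_size, messages_per_interval):
        self.buffer = deque()
        self.buffer_size = buffer_size
        self.rate = messages_per_interval
        self.last = None        # most recent dropped packet
        self.overwritten = 0    # entries replaced before a message was generated

    def drop(self, entry):
        # Consecutive identical packets on the same VLAN yield a single entry.
        # Assumption: suppression lasts until a different packet is dropped.
        if entry == self.last:
            return
        self.last = entry
        if len(self.buffer) == self.buffer_size:
            self.buffer.popleft()   # buffer full: oldest entry is replaced
            self.overwritten += 1
        self.buffer.append(entry)

    def tick(self):
        # One interval: emit up to `rate` messages, clearing each logged entry.
        count = min(self.rate, len(self.buffer))
        return [self.buffer.popleft() for _ in range(count)]

def simulate(log, bursts):
    """Feed one list of dropped packets per interval; return messages per interval."""
    messages = []
    for burst in bursts:
        for entry in burst:
            log.drop(entry)
        messages.append(log.tick())
    return messages

def sample(n):
    # Constructed flow using documentation address ranges (not from the manual).
    return Entry(10, 3, f"192.0.2.{n}", "192.0.2.254",
                 f"00:00:5e:00:53:{n:02x}", "ff:ff:ff:ff:ff:ff")

if __name__ == "__main__":
    log = ArpInspectionLog(buffer_size=4, messages_per_interval=2)
    burst = [sample(1)] * 3 + [sample(n) for n in range(2, 8)]
    for i, msgs in enumerate(simulate(log, [burst, [], []])):
        print(i, [m.src_ip for m in msgs], "lost so far:", log.overwritten)
```

With these assumed values, a burst of seven distinct dropped flows loses the three oldest entries before any system message is generated, so the log rate and buffer size determine how much of a burst remains visible to whoever reviews the messages.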

Trusted & Untrusted Ports
• By default all ports are configured as untrusted.
• Specific ports can be configured as trusted or untrusted ports.
• Packets arriving on trusted interfaces bypass all ARP Inspection and ARP Inspection Validation checks and will always be forwarded, while those arriving on untrusted interfaces are subject to all configured ARP inspection tests.

ARP Packet Rate Limiting
• By default, all untrusted ports are subject to ARP packet rate limiting.
• By default, all trusted ports are exempt from ARP packet rate limiting.
• The switch will drop all ARP packets received on a port which exceeds the configured ARP-packets-per-second rate limit.
• Setting the ARP Inspection Packet Rate Limit to “none” means that no rate limiting will be enforced.

Command Attributes
• ARP Inspection Status – Enables ARP Inspection globally. (Default: Disabled)
• ARP Inspection VLAN – Selects any configured VLAN. (Default: 1)
• ARP Inspection VLAN Status – Enables ARP Inspection for the selected VLAN. (Default: Disabled)
• ARP Inspection VLAN Filter
- ARP ACL – Allows selection of any configured ARP ACLs. (Default: None)
- Static – When an ARP ACL is selected, and static mode also selected, the switch only performs ARP Inspection and bypasses validation against the DHCP Snooping Bindings database. When an ARP ACL is selected, but static mode is not selected, the switch first performs ARP Inspection and then validation against the DHCP Snooping Bindings database. (Default: Disabled)
