Displaying ARP inspection status and ports, Displaying the ARP table, DHCP snooping – Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Enabling trust on a port

The default trust setting for a port is untrusted. For ports that are connected to host ports, leave
their trust settings as untrusted.

To enable trust on a port, enter commands such as the following.

Brocade(config)# interface ethernet 1/1/4
Brocade(config-if-e10000-1/1/4)# arp inspection trust

The commands change the CLI to the interface configuration level of port 1/1/4 and set the trust
setting of port 1/1/4 to trusted.

Syntax: [no] arp inspection trust
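
The following added example (not part of the Brocade guide) audits the trust guidance above: it parses output in the format of the show ip arp inspection vlan command documented on this page and reports any trusted port that is not on an approved uplink list. The sample output is constructed, and the function names, the approved-uplink set and the "Enabled" status string are assumptions.

```python
import re

# Constructed sample in the format of `show ip arp inspection vlan <id>` output.
SAMPLE = """\
IP ARP inspection VLAN 2: Disabled
Trusted Ports : ethe 1/1/4
Untrusted Ports : ethe 1/1/1 to 1/1/3 ethe 1/2/1 to 1/2/4
ethe 1/2/7 to 1/2/9
"""

PORT_RE = re.compile(r"ethe\s+(\d+/\d+/\d+)(?:\s+to\s+(\d+/\d+/\d+))?")

def expand_ports(text):
    """Expand 'ethe 1/1/1 to 1/1/3 ethe 1/2/7' into individual port IDs."""
    ports = []
    for start, end in PORT_RE.findall(text):
        prefix, first = start.rsplit("/", 1)  # a range stays within one unit/slot
        last = end.rsplit("/", 1)[1] if end else first
        ports += [f"{prefix}/{n}" for n in range(int(first), int(last) + 1)]
    return ports

def parse_inspection(output):
    """Return the VLAN ID, inspection state and trusted/untrusted port lists."""
    info = {"vlan": None, "enabled": False, "trusted": [], "untrusted": []}
    current = None
    for line in map(str.strip, output.splitlines()):
        header = re.match(r"IP ARP inspection VLAN (\d+):\s*(\w+)", line)
        if header:
            info["vlan"] = int(header.group(1))
            # Assumption: an enabled VLAN reports the status word "Enabled".
            info["enabled"] = header.group(2).lower() == "enabled"
            continue
        if line.startswith("Trusted Ports"):
            current = "trusted"
        elif line.startswith("Untrusted Ports"):
            current = "untrusted"
        if current:  # wrapped lines continue the previous port list
            info[current] += expand_ports(line)
    return info

def audit(output, approved_uplinks):
    """List findings: inspection not enabled, or trust set on an unapproved port."""
    info = parse_inspection(output)
    findings = []
    if not info["enabled"]:
        findings.append(f"VLAN {info['vlan']}: ARP inspection is not enabled")
    for port in info["trusted"]:
        if port not in approved_uplinks:
            findings.append(f"VLAN {info['vlan']}: port {port} trusted but not approved")
    return findings
```
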

Displaying ARP inspection status and ports

To display the ARP inspection status for a VLAN and its trusted and untrusted ports, enter the
following command.

Brocade# show ip arp inspection vlan 2
IP ARP inspection VLAN 2: Disabled
Trusted Ports : ethe 1/1/4
Untrusted Ports : ethe 1/1/1 to 1/1/3 ethe 1/2/1 to 1/2/4 ethe 1/3/1 to 1/3/4
ethe 1/2/7 to 1/2/9

Syntax: show ip arp inspection [vlan vlan_id]

The vlan_id variable specifies the ID of a configured VLAN.

Displaying the ARP table

To display the ARP table, enter the show arp command.

Brocade# show arp
Total number of ARP entries: 2, maximum capacity: 6000
No   IP Address    MAC Address      Type     Age  Port   Status
1    10.43.1.1     0000.00a0.4000   Dynamic  0    mgmt1  Valid
2    10.43.1.78    0000.0160.6ab1   Dynamic  2    mgmt1  Valid

The command displays all ARP entries in the system.

Syntax: show arp

DHCP snooping

Dynamic Host Configuration Protocol (DHCP) snooping enables the Brocade device to filter
untrusted DHCP packets in a subnet. DHCP snooping can ward off man-in-the-middle (MiM) attacks,
such as a malicious user posing as a DHCP server and sending false DHCP server reply packets with
the intention of misdirecting other users. DHCP snooping can also stop unauthorized DHCP servers
and prevent errors due to user misconfiguration of DHCP servers.

DHCP snooping is often used together with Dynamic ARP Inspection and IP Source Guard.
