ARP Inspection, Figure 211 s – Brocade Communications Systems Brocade Ethernet Access Switch 6910 User Manual


Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002581-01


Parameters

These parameters are displayed:

Port – Port identifier. (Range: 1-12)

Type – Selects the type of ACL.

Direction – Selects ingress or egress traffic.

Query – Displays statistics for selected criteria.

ACL Name – The ACL bound to this port.

Action – Shows if action is to permit or deny specified packets.

Rules – Shows the rules for the ACL bound to this port.

Time-Range – Name of a time range.

Hits – Shows the number of packets matching this ACL.

Clear Counter – Clears hit counter for rules in specified ACL.

Interface

To show statistics for ACL hardware counters:

1. Click Security, ACL.

2. Select Configure Interface from the Step list.

3. Select Show Hardware Counters from the Action list.

4. Select a port.

5. Select ingress or egress traffic.

FIGURE 211 Showing ACL Statistics

ARP Inspection

ARP Inspection is a security feature that validates the MAC address bindings for Address Resolution
Protocol (ARP) packets. It protects against ARP traffic with invalid MAC-to-IP address bindings,
which form the basis for certain “man-in-the-middle” attacks. This is accomplished by intercepting
all ARP requests and responses and verifying each of these packets before the local ARP cache is
updated or the packet is forwarded to the appropriate destination. Invalid ARP packets are
dropped.
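
The check described above, sketched as an added example (not code from the Brocade guide or the switch firmware): it parses an Ethernet/IPv4 ARP payload and forwards it only when the sender's IP-to-MAC pair matches a trusted binding table. The `BINDINGS` table, the addresses and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed trusted IP -> MAC bindings (assumption: the switch holds a table
# like this against which every intercepted ARP packet is checked).
BINDINGS = {"192.0.2.1": "00:aa:bb:cc:dd:01", "192.0.2.10": "00:11:22:33:44:55"}

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload: bytes) -> dict:
    """Parse a 28-byte Ethernet/IPv4 ARP payload (RFC 826 field layout)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    if oper not in (1, 2):  # 1 = request, 2 = reply
        raise ValueError("unexpected ARP opcode")
    return {
        "oper": oper,
        "sender_mac": mac_str(payload[8:14]),
        "sender_ip": str(ipaddress.IPv4Address(payload[14:18])),
        "target_ip": str(ipaddress.IPv4Address(payload[24:28])),
    }

def inspect(payload: bytes, bindings=BINDINGS) -> tuple:
    """Return ("forward" | "drop", reason) for one intercepted ARP packet."""
    try:
        arp = parse_arp(payload)
    except ValueError as exc:
        return ("drop", str(exc))
    expected = bindings.get(arp["sender_ip"])
    if expected is None:
        return ("drop", "no binding for " + arp["sender_ip"])
    if expected != arp["sender_mac"]:
        # Sender claims an IP that is bound to a different MAC: the invalid
        # MAC-to-IP binding that ARP Inspection is meant to stop.
        return ("drop", "binding mismatch for " + arp["sender_ip"])
    return ("forward", "binding valid")

def build_arp(oper: int, sender_mac: str, sender_ip: str, target_ip: str) -> bytes:
    """Build a constructed ARP payload for testing (target MAC left as zeros)."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + mac
            + ipaddress.IPv4Address(sender_ip).packed + bytes(6)
            + ipaddress.IPv4Address(target_ip).packed)
```
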
