Microsens MS453490M Management Guide User Manual
Page 317
C
HAPTER
14
| Security Measures
ARP Inspection
– 317 –
◆
ARP Inspection ACLs can be applied to any configured VLAN.
◆
ARP Inspection uses the DHCP snooping bindings database for the list
of valid IP-to-MAC address bindings. ARP ACLs take precedence over
entries in the DHCP snooping bindings database. The switch first
compares ARP packets to any specified ARP ACLs.
◆
If Static is specified, ARP packets are only validated against the
selected ACL – packets are filtered according to any matching rules,
packets not matching any rules are dropped, and the DHCP snooping
bindings database check is bypassed.
◆
If Static is not specified, ARP packets are first validated against the
selected ACL; if no ACL rules match the packets, then the DHCP
snooping bindings database determines their validity.
P
ARAMETERS
These parameters are displayed:
◆
ARP Inspection VLAN ID – Selects any configured VLAN. (Default: 1)
◆
ARP Inspection VLAN Status – Enables ARP Inspection for the
selected VLAN. (Default: Disabled)
◆
ARP Inspection ACL Name
■
ARP ACL – Allows selection of any configured ARP ACLs.
(Default: None)
■
Static – When an ARP ACL is selected, and static mode also
selected, the switch only performs ARP Inspection and bypasses
validation against the DHCP Snooping Bindings database. When an
ARP ACL is selected, but static mode is not selected, the switch first
performs ARP Inspection and then validation against the DHCP
Snooping Bindings database. (Default: Disabled)
W
EB
I
NTERFACE
To configure VLAN settings for ARP Inspection:
1.
Click Security, ARP Inspection.
2.
Select Configure VLAN from the Step list.
3.
Enable ARP inspection for the required VLANs, select an ARP ACL filter
to check for configured addresses, and select the Static option to
bypass checking the DHCP snooping bindings database if required.
4.
Click Apply.