Arp inspection, Table 80: arp inspection commands, Arp i – Microsens MS453490M Management Guide User Manual


Chapter 25 | General Security Measures

ARP Inspection

– 673 –

Example

Console#show ip source-guard binding
MacAddress        IpAddress       Lease(sec) Type                 VLAN Interface
----------------- --------------- ---------- -------------------- ---- --------
11-22-33-44-55-66 192.168.0.99    0          Static               1    Eth 1/5
Console#

ARP Inspection

ARP Inspection validates the MAC-to-IP address bindings in Address Resolution Protocol (ARP) packets. It protects against ARP traffic with invalid address bindings, which forms the basis for certain “man-in-the-middle” attacks. This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded to the appropriate destination, dropping any invalid ARP packets.

ARP Inspection determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database – the DHCP snooping binding database. ARP Inspection can also validate ARP packets against user-configured ARP access control lists (ACLs) for hosts with statically configured IP addresses.
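The validation decision described above, sketched in Python as an added example (not code from the manual or the switch firmware). The binding entry is the one shown in the console output above; the ARP ACL entry, the trusted port, all function names, and the order of the checks (ACL before binding database) are assumptions made for illustration.

```python
import struct
from ipaddress import IPv4Address

# (VLAN, IP) -> MAC, in the shape of "show ip source-guard binding" above.
BINDINGS = {(1, "192.168.0.99"): "11-22-33-44-55-66"}
# Hypothetical ARP ACL for statically addressed hosts: permitted (IP, MAC) pairs.
ARP_ACL = {("192.168.0.10", "00-aa-bb-cc-dd-01")}
# Hypothetical trusted port (exempt from inspection).
TRUSTED_PORTS = {"Eth 1/1"}

def parse_arp(payload: bytes):
    """Return (opcode, sender MAC, sender IP) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sender_mac = "-".join(f"{b:02x}" for b in payload[8:14])
    sender_ip = str(IPv4Address(payload[14:18]))
    return oper, sender_mac, sender_ip

def inspect(payload: bytes, vlan: int, port: str) -> str:
    """Return 'forward' or 'drop' for an ARP packet received on (vlan, port)."""
    if port in TRUSTED_PORTS:
        return "forward"                     # trusted ports are not inspected
    try:
        _, sender_mac, sender_ip = parse_arp(payload)
    except ValueError:
        return "drop"                        # malformed packets are invalid
    if (sender_ip, sender_mac) in ARP_ACL:   # static hosts: ARP ACL
        return "forward"
    if BINDINGS.get((vlan, sender_ip)) == sender_mac:  # binding database
        return "forward"
    return "drop"                            # no valid IP-to-MAC binding

def make_arp(oper, sha, spa, tha, tpa) -> bytes:
    """Build a constructed ARP payload used only as sample input."""
    def mac(m):
        return bytes.fromhex(m.replace("-", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + mac(sha)
            + IPv4Address(spa).packed + mac(tha) + IPv4Address(tpa).packed)

if __name__ == "__main__":
    zero = "00-00-00-00-00-00"
    ok = make_arp(2, "11-22-33-44-55-66", "192.168.0.99", zero, "192.168.0.1")
    bad = make_arp(2, "de-ad-be-ef-00-01", "192.168.0.99", zero, "192.168.0.1")
    print(inspect(ok, 1, "Eth 1/5"), inspect(bad, 1, "Eth 1/7"))
```

The same mismatched packet is forwarded when it arrives on the trusted port, which is why only ports facing other inspected infrastructure should be marked trusted.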

This section describes commands used to configure ARP Inspection.

Table 80: ARP Inspection Commands

Command                                Function                                                                                                        Mode
-------------------------------------  --------------------------------------------------------------------------------------------------------------  ----
ip arp inspection                      Enables ARP Inspection globally on the switch                                                                   GC
ip arp inspection filter               Specifies an ARP ACL to apply to one or more VLANs                                                              GC
ip arp inspection log-buffer logs      Sets the maximum number of entries saved in a log message, and the rate at which these messages are sent        GC
ip arp inspection validate             Specifies additional validation of address components in an ARP packet                                          GC
ip arp inspection vlan                 Enables ARP Inspection for a specified VLAN or range of VLANs                                                   GC
ip arp inspection limit                Sets a rate limit for the ARP packets received on a port                                                        IC
ip arp inspection trust                Sets a port as trusted, and thus exempted from ARP Inspection                                                   IC
show ip arp inspection configuration   Displays the global configuration settings for ARP Inspection                                                   PE
show ip arp inspection interface       Shows the trust status and inspection rate limit for ports                                                      PE
show ip arp inspection log             Shows information about entries stored in the log, including the associated VLAN, port, and address components  PE
