Ip arp inspection filter – Microsens MS453490M Management Guide User Manual

C

HAPTER

25

| General Security Measures

ARP Inspection

– 675 –

ip arp inspection

filter

This command specifies an ARP ACL to apply to one or more VLANs. Use

the no form to remove an ACL binding.

S

YNTAX

ip arp inspection filter arp-acl-name vlan {vlan-id | vlan-range}

[static]
arp-acl-name - Name of an ARP ACL.

(Maximum length: 16 characters)
vlan-id - VLAN ID. (Range: 1-4093)
vlan-range - A consecutive range of VLANs indicated by the use a

hyphen, or a random group of VLANs with each entry separated by

a comma.
static - ARP packets are only validated against the specified ACL,

address bindings in the DHCP snooping database is not checked.

D

EFAULT

S

ETTING

ARP ACLs are not bound to any VLAN

Static mode is not enabled

C

OMMAND

M

ODE

Global Configuration

C

OMMAND

U

SAGE

◆

ARP ACLs are configured with the commands described on

page 310

.

◆

If static mode is enabled, the switch compares ARP packets to the

specified ARP ACLs. Packets matching an IP-to-MAC address binding in

a permit or deny rule are processed accordingly. Packets not matching

any of the ACL rules are dropped. Address bindings in the DHCP

snooping database are not checked.

◆

If static mode is not enabled, packets are first validated against the

specified ARP ACL. Packets matching a deny rule are dropped. All

remaining packets are validated against the address bindings in the

DHCP snooping database.

E

XAMPLE

Console(config)#ip arp inspection filter sales vlan 1

Console(config)#