Consolidated Platform Configuration Guide, Cisco Ios Release 15.2(4)E (Catalyst 2960-X Switches - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
Performing Dynamic ARP Inspection Validation Checks
SUMMARY STEPS
1. enable
2. configure terminal
3. ip arp inspection validate {[src-mac] [dst-mac] [ip]}
4. exit
5. show ip arp inspection vlan vlan-range
6. show running-config
7. copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Switch> enable
Step 2
configure terminal
Example:
Switch# configure terminal
Step 3
ip arp inspection validate
{[src-mac] [dst-mac] [ip]}
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1314
Purpose
Enables privileged EXEC mode. Enter your password if prompted.
Enters the global configuration mode.
Performs a specific check on incoming ARP packets. By default, no checks are
performed.
The keywords have these meanings:
• For src-mac, check the source MAC address in the Ethernet header against
the sender MAC address in the ARP body. This check is performed on
both ARP requests and responses. When enabled, packets with different
MAC addresses are classified as invalid and are dropped.
• For dst-mac, check the destination MAC address in the Ethernet header
against the target MAC address in ARP body. This check is performed for
ARP responses. When enabled, packets with different MAC addresses are
classified as invalid and are dropped.
• For ip, check the ARP body for invalid and unexpected IP addresses.
Addresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses.
Sender IP addresses are checked in all ARP requests and responses, and
target IP addresses are checked only in ARP responses.
You must specify at least one of the keywords. Each command overrides the
configuration of the previous command; that is, if a command enables src and
dst mac validations, and a second command enables IP validation only, the src
and dst mac validations are disabled as a result of the second command.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
