Click Security > ARP Inspection > Properties.
Enter the following fields:
• ARP Inspection Status—Select to enable ARP Inspection.
• ARP Packet Validation—Select to enable the following validation checks:
  - Source MAC — Compares the packet's source MAC address in the Ethernet header against the sender's MAC address in the ARP request. This check is performed on both ARP requests and responses.
  - Destination MAC — Compares the packet's destination MAC address in the Ethernet header against the destination interface's MAC address. This check is performed for ARP responses.
  - IP Addresses — Checks the ARP body for invalid and unexpected IP addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses.
• Log Buffer Interval—Select one of the following options:
  - Retry Frequency—Enable sending SYSLOG messages for dropped packets. Enter the frequency with which the messages are sent.
  - Never—Disable SYSLOG dropped packet messages.
Click Apply. The settings are defined, and the Running Configuration file is
updated.
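The three ARP Packet Validation checks can be reproduced offline against a captured frame, which helps when reading the SYSLOG messages for dropped packets. The following is an added example, not code from the switch or from this guide. It assumes the destination MAC check compares the Ethernet destination with the target hardware address in the ARP body, and that the target IP is checked only in responses; the function names and sample frames are constructed for illustration.

```python
import ipaddress
import struct

ARP_REQUEST, ARP_REPLY = 1, 2

def bad_ip(raw: bytes) -> bool:
    """True for 0.0.0.0, 255.255.255.255 and any IP multicast address."""
    ip = ipaddress.IPv4Address(raw)
    return int(ip) in (0, 0xFFFFFFFF) or ip.is_multicast

def validate_arp(frame: bytes) -> list:
    """Return the names of the validation checks that the frame fails."""
    if len(frame) < 42:
        return ["truncated"]
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return ["not-arp"]
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return ["unsupported"]
    failed = []
    # Source MAC: Ethernet source vs. sender MAC in the ARP body (requests and responses).
    if eth_src != sha:
        failed.append("source-mac")
    # Destination MAC: responses only (assumption: compared with the ARP target MAC).
    if op == ARP_REPLY and eth_dst != tha:
        failed.append("destination-mac")
    # IP Addresses: sender IP always; target IP in responses only (assumption).
    if bad_ip(spa) or (op == ARP_REPLY and bad_ip(tpa)):
        failed.append("ip-addresses")
    return failed

def build(eth_dst, eth_src, op, sha, spa, tha, tpa) -> bytes:
    """Assemble a 42-byte Ethernet/ARP frame from readable fields (test helper)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: ipaddress.IPv4Address(s).packed
    header = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return mac(eth_dst) + mac(eth_src) + header + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

# Constructed sample frames (documentation addresses, locally administered MACs).
A, B, GW = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:01"
GOOD_REQUEST = build("ff:ff:ff:ff:ff:ff", A, ARP_REQUEST, A, "192.0.2.10",
                     "00:00:00:00:00:00", "192.0.2.1")
SPOOFED_REPLY = build(A, B, ARP_REPLY, GW, "192.0.2.1", A, "192.0.2.10")
MALFORMED_REPLY = build("ff:ff:ff:ff:ff:ff", B, ARP_REPLY, B, "224.0.0.5", A, "192.0.2.10")
```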
Defining Dynamic ARP Inspection Interfaces Settings
Packets from untrusted ports/LAGs are checked against the ARP Access Rules
table and the DHCP Snooping Binding database if DHCP Snooping is enabled (see
the DHCP Snooping Binding Database page).
By default, ports/LAGs are ARP Inspection untrusted.
To change the ARP trusted status of a port/LAG:
Click Security > ARP Inspection > Interface Settings.
The ports/LAGs and their ARP trusted/untrusted status are displayed.
To set a port/LAG as untrusted, select the port/LAG and click Edit.
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Security
ARP Inspection