Difference between revisions of "Netband Project - Dynamic Arp Inspection"
From Teknologisk videncenter
Line 5: | Line 5: | ||
*Dynamic ARP inspection is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports. | *Dynamic ARP inspection is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports. | ||
+ | ==Configuration== | ||
+ | <pre> | ||
+ | ip arp inspection vlan 3,5 | ||
+ | </pre> | ||
+ | |||
+ | ==Verification== | ||
<pre> | <pre> | ||
− | ip arp inspection | + | HQSW1#sh ip arp inspection |
+ | |||
+ | Source Mac Validation : Disabled | ||
+ | Destination Mac Validation : Disabled | ||
+ | IP Address Validation : Disabled | ||
+ | |||
+ | Vlan Configuration Operation ACL Match Static ACL | ||
+ | ---- ------------- --------- --------- ---------- | ||
+ | 3 Enabled Active | ||
+ | 5 Enabled Active | ||
+ | |||
+ | Vlan ACL Logging DHCP Logging | ||
+ | ---- ----------- ------------ | ||
+ | 3 Deny Deny | ||
+ | 5 Deny Deny | ||
+ | |||
+ | Vlan Forwarded Dropped DHCP Drops ACL Drops | ||
+ | ---- --------- ------- ---------- --------- | ||
+ | 3 123 197 197 0 | ||
+ | 5 15 0 0 0 | ||
+ | |||
+ | Vlan DHCP Permits ACL Permits Source MAC Failures | ||
+ | ---- ------------ ----------- ------------------- | ||
+ | 3 123 0 0 | ||
+ | 5 15 0 0 | ||
+ | |||
+ | Vlan Dest MAC Failures IP Validation Failures Invalid Protocol Data | ||
+ | ---- ----------------- ---------------------- --------------------- | ||
+ | 3 0 0 0 | ||
+ | 5 0 0 0 | ||
</pre> | </pre> |
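Review bot: The new Configuration section documents only `ip arp inspection vlan 3,5`, and the Verification output is pasted without any explanation of its counters. In the VLAN 3 row, 197 packets are Dropped and all 197 are counted as DHCP Drops, against 123 Forwarded, so a reader cannot tell whether this is the expected result of a test or a sign of hosts without bindings. Suggest adding a sentence under Verification saying what traffic produced those drops, and listing under Configuration whatever else on HQSW1 the feature depends on, since the page states that validation uses the DHCP snooping table.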
Revision as of 13:55, 14 April 2009
This page is part of the Netband Project
- Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings using the DHCP snooping table. This capability protects the network from certain man-in-the-middle attacks.
- Dynamic ARP inspection is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports.
Configuration
<pre>
ip arp inspection vlan 3,5
</pre>
Verification
<pre>
HQSW1#sh ip arp inspection

Source Mac Validation      : Disabled
Destination Mac Validation : Disabled
IP Address Validation      : Disabled

 Vlan     Configuration    Operation   ACL Match          Static ACL
 ----     -------------    ---------   ---------          ----------
    3     Enabled          Active
    5     Enabled          Active

 Vlan     ACL Logging      DHCP Logging
 ----     -----------      ------------
    3     Deny             Deny
    5     Deny             Deny

 Vlan      Forwarded        Dropped     DHCP Drops      ACL Drops
 ----      ---------        -------     ----------      ---------
    3            123            197            197              0
    5             15              0              0              0

 Vlan   DHCP Permits    ACL Permits   Source MAC Failures
 ----   ------------    -----------   -------------------
    3            123              0                     0
    5             15              0                     0

 Vlan   Dest MAC Failures   IP Validation Failures   Invalid Protocol Data
 ----   -----------------   ----------------------   ---------------------
    3                   0                        0                       0
    5                   0                        0                       0
</pre>
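A simplified model of the binding check described above, showing how the Forwarded, Dropped, DHCP Drops and DHCP Permits counters in the output come about. This is an added example, not part of the original page and not Cisco's implementation; the bindings, addresses, port names and the trusted uplink `Gi0/1` are constructed assumptions.

```python
from collections import defaultdict, namedtuple

# One ARP packet as seen by the switch (fields reduced to what the check needs).
Arp = namedtuple("Arp", "vlan port sender_mac sender_ip")

# Constructed stand-in for the DHCP snooping table: (vlan, ip) -> mac.
BINDINGS = {
    (3, "10.0.3.10"): "0011.2233.4455",
    (3, "10.0.3.11"): "0011.2233.4466",
    (5, "10.0.5.20"): "00aa.bbcc.ddee",
}
DAI_VLANS = {3, 5}         # from "ip arp inspection vlan 3,5"
TRUSTED_PORTS = {"Gi0/1"}  # assumed uplink; trusted ports bypass the check here
COUNTERS = ("Forwarded", "Dropped", "DHCP Drops", "DHCP Permits")


def inspect(pkt, stats):
    """Return True to forward the ARP packet, False to discard it."""
    if pkt.vlan not in DAI_VLANS or pkt.port in TRUSTED_PORTS:
        return True  # not inspected, so no counter changes in this model
    row = stats[pkt.vlan]
    # Valid only if the claimed IP is bound to the claimed MAC in this VLAN.
    if BINDINGS.get((pkt.vlan, pkt.sender_ip)) == pkt.sender_mac.lower():
        row["Forwarded"] += 1
        row["DHCP Permits"] += 1
        return True
    row["Dropped"] += 1
    row["DHCP Drops"] += 1
    return False


def run(packets):
    """Inspect a packet list; return (verdicts, per-VLAN counters)."""
    stats = defaultdict(lambda: dict.fromkeys(COUNTERS, 0))
    verdicts = [inspect(p, stats) for p in packets]
    return verdicts, dict(stats)


# Constructed sample traffic.
SAMPLE = [
    Arp(3, "Fa0/1", "0011.2233.4455", "10.0.3.10"),  # matches its binding
    Arp(3, "Fa0/2", "0011.2233.4466", "10.0.3.1"),   # IP has no binding
    Arp(3, "Fa0/2", "0011.2233.4466", "10.0.3.10"),  # IP bound to another MAC
    Arp(5, "Fa0/7", "00AA.BBCC.DDEE", "10.0.5.20"),  # matches, case-insensitive
    Arp(3, "Gi0/1", "0000.0c07.ac03", "10.0.3.1"),   # trusted port
    Arp(9, "Fa0/9", "0022.3344.5566", "10.0.9.9"),   # VLAN without inspection
]

if __name__ == "__main__":
    for vlan, row in sorted(run(SAMPLE)[1].items()):
        print(vlan, row)
```

In this model every drop is a DHCP drop, which matches VLAN 3 in the output above, where Dropped and DHCP Drops are both 197 and ACL Drops is 0.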