Difference between revisions of "Netband Project - Dynamic Arp Inspection"
From Teknologisk videncenter
| Line 44: | Line 44: | ||
5 0 0 0 | 5 0 0 0 | ||
</pre> | </pre> | ||
| + | |||
| + | ==External Links== | ||
Revision as of 13:56, 14 April 2009
<accesscontrol>NetBand</accesscontrol> This page is part of the Netband Project
- Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings using the DHCP snooping table. This capability protects the network from certain man-in-the-middle attacks.
- Dynamic ARP inspection is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports.
Configuration
ip arp inspection vlan 3,5
Verification
HQSW1#sh ip arp inspection
Source Mac Validation : Disabled
Destination Mac Validation : Disabled
IP Address Validation : Disabled
Vlan Configuration Operation ACL Match Static ACL
---- ------------- --------- --------- ----------
3 Enabled Active
5 Enabled Active
Vlan ACL Logging DHCP Logging
---- ----------- ------------
3 Deny Deny
5 Deny Deny
Vlan Forwarded Dropped DHCP Drops ACL Drops
---- --------- ------- ---------- ---------
3 123 197 197 0
5 15 0 0 0
Vlan DHCP Permits ACL Permits Source MAC Failures
---- ------------ ----------- -------------------
3 123 0 0
5 15 0 0
Vlan Dest MAC Failures IP Validation Failures Invalid Protocol Data
---- ----------------- ---------------------- ---------------------
3 0 0 0
5 0 0 0