21
STEP 1
STEP 2
STEP 3
STEP 4
STEP 1
477
ARP Inspection Work Flow
To configure ARP Inspection:
Enable ARP Inspection and configure various options in the Security > ARP
Inspection > Properties page.
Configure interfaces as ARP trusted or untrusted in the Security > ARP Inspection
> Interface Setting page.
Add rules in the Security > ARP Inspection > ARP Access Control and ARP Access
Control Rules pages.
Define the VLANs on which ARP Inspection is enabled and the Access Control
Rules for each VLAN in the Security > ARP Inspection > VLAN Settings page.
Defining ARP Inspection Properties
To configure ARP Inspection:
Click Security > ARP Inspection > Properties.
Enter the following fields:
•
ARP Inspection Status—Select to enable ARP Inspection.
•
ARP Packet Validation—Select to enable the following validation checks:
-
Source MAC — Compares the packets source MAC address in the
Ethernet header against the senders MAC address in the ARP request.
This check is performed on both ARP requests and responses.
-
Destination MAC — Compares the packets destination MAC address in
the Ethernet header against the destination interfaces MAC address. This
check is performed for ARP responses.
-
IP Addresses — Compares the ARP body for invalid and unexpected IP
addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP
Multicast addresses.
•
Log Buffer Interval—Select one of the following options:
-
Retry Frequency—Enable sending SYSLOG messages for dropped
packets. Entered the frequency with which the messages are sent.
Cisco 500 Series Stackable Managed Switch Administration Guide
Security
ARP Inspection