Arp Inspection Work Flow; Defining Arp Inspection Properties - Cisco 500 Series Administration Manual

21
STEP 1
STEP 2
STEP 3
STEP 4
STEP 1
477

ARP Inspection Work Flow

To configure ARP Inspection:
Enable ARP Inspection and configure various options in the Security > ARP
Inspection > Properties page.
Configure interfaces as ARP trusted or untrusted in the Security > ARP Inspection
> Interface Setting page.
Add rules in the Security > ARP Inspection > ARP Access Control and ARP Access
Control Rules pages.
Define the VLANs on which ARP Inspection is enabled and the Access Control
Rules for each VLAN in the Security > ARP Inspection > VLAN Settings page.

Defining ARP Inspection Properties

To configure ARP Inspection:
Click Security > ARP Inspection > Properties.
Enter the following fields:
• ARP Inspection Status—Select to enable ARP Inspection.
• ARP Packet Validation—Select to enable the following validation checks:
- Source MAC — Compares the packets source MAC address in the
Ethernet header against the senders MAC address in the ARP request.
This check is performed on both ARP requests and responses.
- Destination MAC — Compares the packets destination MAC address in
the Ethernet header against the destination interfaces MAC address. This
check is performed for ARP responses.
- IP Addresses — Compares the ARP body for invalid and unexpected IP
addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP
Multicast addresses.
• Log Buffer Interval—Select one of the following options:
- Retry Frequency—Enable sending SYSLOG messages for dropped
packets. Entered the frequency with which the messages are sent.
Cisco 500 Series Stackable Managed Switch Administration Guide
Security
ARP Inspection