IP ARP Inspection Switch Settings

Posted by fanie on Saturday, January 5, 2013

IP ARP inspection (Dynamic ARP Inspection, DAI) validates the IP-to-MAC binding carried in every ARP packet before the switch forwards it, so hosts only update their ARP caches from ARP traffic the switch has vetted. This mitigates ARP-spoofing man-in-the-middle attacks, where an attacker answers a broadcast ARP request (or sends an unsolicited, gratuitous ARP) claiming a victim's IP address with the attacker's own MAC address. The switch checks the binding against its DHCP snooping binding database, so DHCP snooping must be enabled on the same VLAN for dynamically addressed hosts; hosts with static addresses have to be permitted through an ARP access list instead. ARP packets arriving on a trusted port are forwarded without inspection, while packets arriving on an untrusted port are inspected before forwarding and dropped if the binding does not match. All ports are untrusted by default, so uplinks to other switches that also run DAI are normally marked trusted.

Characteristics of IP ARP inspection:
Validates the IP-to-MAC binding in an ARP packet before hosts use it to update their local ARP caches
Intercepts ARP packets on untrusted switch ports; trusted ports bypass inspection
Drops ARP packets with invalid bindings (and can log the drops)
Configured on a per-VLAN basis

Example:

SW1(config)#ip arp inspection vlan 11
SW1(config)#end
SW1#show ip arp inspection

Source Mac Validation      : Disabled
Destination Mac Validation : Disabled
IP Address Validation      : Disabled

Vlan     Configuration    Operation   ACL Match          Static ACL
 ----     -------------    ---------   ---------          ----------
   11     Enabled          Active

Vlan     ACL Logging      DHCP Logging      Probe Logging
 ----     -----------      ------------      -------------
   11     Deny             Deny              Off

Vlan      Forwarded        Dropped     DHCP Drops      ACL Drops
 ----      ---------        -------     ----------      ---------
   11              0              0              0              0

Vlan   DHCP Permits    ACL Permits  Probe Permits   Source MAC Failures
 ----   ------------    -----------  -------------   -------------------
   11              0              0              0                     0

Vlan   Dest MAC Failures   IP Validation Failures   Invalid Protocol Data
 ----   -----------------   ----------------------   ---------------------
   11                   0                        0                       0
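The example above enables DAI on VLAN 11 and nothing else: the show output reports the source MAC, destination MAC and IP validation checks as Disabled, no ARP ACL is attached, and every port is still untrusted. The configuration below is an added example written for this post, not taken from the original; the interface numbers, the static host's address and MAC, and the neighbour switch name SW2 are assumptions.

```cisco
! DAI takes its bindings from the DHCP snooping database, so snooping is a prerequisite
ip dhcp snooping
ip dhcp snooping vlan 11
!
! Enable DAI on the VLAN and turn on the three checks the show output reports as Disabled.
! All keywords must be given on one line: a later "ip arp inspection validate" replaces
! the earlier setting rather than adding to it.
ip arp inspection vlan 11
ip arp inspection validate src-mac dst-mac ip
!
! Statically addressed hosts never appear in the snooping database, so they are permitted
! through an ARP ACL (assumed host 10.1.11.10 with MAC 0011.2233.4455). Without the
! "static" keyword, ARP packets the ACL does not match are still checked against DHCP bindings.
arp access-list DAI-STATIC-HOSTS
 permit ip host 10.1.11.10 mac host 0011.2233.4455
!
ip arp inspection filter DAI-STATIC-HOSTS vlan 11
!
! Uplink to the neighbouring switch (assumed interface): trusted for both features, so its
! ARP and DHCP traffic is forwarded without inspection.
interface GigabitEthernet1/0/24
 description Uplink to SW2
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! Access ports stay untrusted (the default). Rate-limit ARP so a host cannot flood the
! switch CPU with ARP; 15 packets per second is the default on untrusted ports.
interface range GigabitEthernet1/0/1 - 23
 switchport mode access
 switchport access vlan 11
 ip arp inspection limit rate 15
!
! A port that exceeds its rate limit is err-disabled; recover it automatically after 300 s
errdisable recovery cause arp-inspection
errdisable recovery interval 300
!
! Verification commands (exec mode):
!   show ip arp inspection vlan 11
!   show ip arp inspection interfaces
!   show ip arp inspection statistics vlan 11
!   show ip dhcp snooping binding
```

The DHCP snooping database is only populated from leases the switch observes after snooping is enabled, so hosts that already hold a lease will have their ARP dropped on untrusted ports until they renew; enable DHCP snooping first and check "show ip dhcp snooping binding" before turning on DAI on a production VLAN.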

