Siemens S323 User Manual

User Manual                                                                               UMN:CLI 
SURPASS hiD 6615 S223/S323 R1.5 
A50010-Y3-C150-2-7619                                                                         167 
7.13.2 ARP Alias
Clients connected to the same client switch may be unable to communicate with each other
because they are isolated for their private security. When you need them to communicate
with each other, the hiD 6615 S223/S323 supports ARP alias, which responds to ARP requests
from the client net through the concentrating switch.
To register the address range of the client net in ARP alias, use the following command.
Command                               Mode     Description
arp-alias A.B.C.D A.B.C.D [MACADDR]   Global   Registers an IP address range and MAC address in ARP
                                               alias to make the user's equipment respond to ARP requests.
 
If you do not input a MAC address, the MAC address of the user's equipment is used for the
ARP response.
To delete a registered IP address range of ARP alias, use the following command.
Command                                       Mode     Description
no arp-alias START-IP-ADDRESS END-IP-ADDRESS  Global   Deletes a registered IP address range of ARP alias.
 
To display ARP alias, use the following command. 
Command          Mode             Description
show arp-alias   Enable / Global  Shows a registered ARP alias.
 
7.13.3 ARP Inspection
ARP provides IP communication by mapping an IP address to a MAC address. However, a
malicious user can attack the ARP caches of systems on the subnet in order to intercept
traffic intended for other hosts. For example, Host B generates a broadcast message for all
hosts within the broadcast domain to obtain the MAC address associated with the IP address
of Host A. If Host C responds with the IP address of Host A (or B) and the MAC address of
Host C, Host A and Host B can use Host C's MAC address as the destination MAC address for
traffic intended for Host A and Host B.
ARP Inspection is a security feature that validates ARP packets in a network. It intercepts 
and discards ARP packets with invalid IP-MAC address binding. 
To enable and disable ARP Inspection on the hiX 5430 system, use the following commands.
Command                          Mode     Description
ip arp inspection vlan VLAN      Global   Enables ARP-inspection function on a VLAN.
no ip arp inspection vlan VLAN   Global   Disables ARP-inspection function on a VLAN.
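
The IP-MAC binding check described in this section, as an added example that is not taken from the manual or from the switch firmware. It assumes a hypothetical binding table keyed by VLAN and IP address and validates the sender fields of each ARP payload; the manual does not state where the switch obtains its bindings or which fields it compares. All addresses and packets are constructed sample data.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload layout (RFC 826), 28 bytes

# Constructed binding table (assumption): (VLAN, IP) -> MAC the switch trusts.
BINDINGS = {
    (10, "192.0.2.1"): "00:00:5e:00:53:0a",  # Host A
    (10, "192.0.2.2"): "00:00:5e:00:53:0b",  # Host B
    (10, "192.0.2.3"): "00:00:5e:00:53:0c",  # Host C
}

def build_arp(op, sha, spa, tha, tpa):
    """Pack a sample ARP payload in memory (constructed test input only)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac(sha),
                       socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

def inspect(vlan, payload, bindings=BINDINGS):
    """Return (verdict, reason) for one ARP payload received on a VLAN."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return "drop", "truncated ARP payload"
    htype, ptype, hlen, plen, op, sha, spa, _, _ = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return "drop", "not an Ethernet/IPv4 ARP request or reply"
    sender_ip = socket.inet_ntoa(spa)
    sender_mac = ":".join(f"{b:02x}" for b in sha)
    expected = bindings.get((vlan, sender_ip))
    if expected is None:
        return "drop", f"no binding for {sender_ip} on VLAN {vlan}"
    if expected != sender_mac:
        return "drop", f"{sender_ip} is bound to {expected}, not {sender_mac}"
    return "permit", "sender IP-MAC pair matches the binding"

def demo():
    """Run the Host A/B/C scenario from the text through the check."""
    a, b, c = (BINDINGS[(10, f"192.0.2.{i}")] for i in (1, 2, 3))
    zero = "00:00:00:00:00:00"
    samples = {
        "B asks who has A": build_arp(1, b, "192.0.2.2", zero, "192.0.2.1"),
        "A answers B": build_arp(2, a, "192.0.2.1", b, "192.0.2.2"),
        "C answers as A": build_arp(2, c, "192.0.2.1", b, "192.0.2.2"),
    }
    return {name: inspect(10, pkt)[0] for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:6}  {name}")
```

Host C's reply is dropped because it pairs Host A's IP address with Host C's MAC address, while the legitimate request and reply pass.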
 