ZyXEL Communications MES3500-24 User Manual
Chapter 26 IP Source Guard
MES3500-24/24F User’s Guide
230
The following table describes the labels in this screen.
26.7.1 ARP Inspection Port Configure
Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. You can
also specify the maximum rate at which the Switch receives ARP packets on each untrusted port. To
also specify the maximum rate at which the Switch receives ARP packets on each untrusted port. To
Table 84
ARP Inspection Configure
LABEL
DESCRIPTION
Active
Select this to enable ARP inspection on the Switch. You still have to enable ARP
inspection on specific VLAN and specify trusted ports.
inspection on specific VLAN and specify trusted ports.
Filter Aging Time
Filter aging time
This setting has no effect on existing MAC address filters.
Enter how long (1-2147483647 seconds) the MAC address filter remains in the Switch
after the Switch identifies an unauthorized ARP packet. The Switch automatically
deletes the MAC address filter afterwards. Type 0 if you want the MAC address filter to
be permanent.
after the Switch identifies an unauthorized ARP packet. The Switch automatically
deletes the MAC address filter afterwards. Type 0 if you want the MAC address filter to
be permanent.
Log Profile
Log buffer size
Enter the maximum number (1-1024) of log messages that were generated by ARP
packets and have not been sent to the syslog server yet. Make sure this number is
appropriate for the specified Syslog rate and Log interval.
packets and have not been sent to the syslog server yet. Make sure this number is
appropriate for the specified Syslog rate and Log interval.
If the number of log messages in the Switch exceeds this number, the Switch stops
recording log messages and simply starts counting the number of entries that were
dropped due to unavailable buffer. Click Clearing log status table in the ARP
Inspection Log Status screen to clear the log and reset this counter. See
recording log messages and simply starts counting the number of entries that were
dropped due to unavailable buffer. Click Clearing log status table in the ARP
Inspection Log Status screen to clear the log and reset this counter. See
.
Syslog rate
Type the maximum number of syslog messages the Switch can send to the syslog
server in one batch. This number is expressed as a rate because the batch frequency is
determined by the Log Interval. You must configure the syslog server (
server in one batch. This number is expressed as a rate because the batch frequency is
determined by the Log Interval. You must configure the syslog server (
) to use this. Enter 0 if you do not want the Switch to send log messages
generated by ARP packets to the syslog server.
The relationship between Syslog rate and Log interval is illustrated in the following
examples:
examples:
•
4 invalid ARP packets per second, Syslog rate is 5, Log interval is 1: the Switch
sends 4 syslog messages every second.
•
6 invalid ARP packets per second, Syslog rate is 5, Log interval is 2: the Switch
sends 5 syslog messages every 2 seconds.
Log interval
Type how often (1-86400 seconds) the Switch sends a batch of syslog messages to the
syslog server. Enter 0 if you want the Switch to send syslog messages immediately. See
Syslog rate for an example of the relationship between Syslog rate and Log
interval.
syslog server. Enter 0 if you want the Switch to send syslog messages immediately. See
Syslog rate for an example of the relationship between Syslog rate and Log
interval.
Apply
Click Apply to save your changes to the Switch’s run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top
navigation panel to save your changes to the non-volatile memory when you are done
configuring.
these changes if it is turned off or loses power, so use the Save link on the top
navigation panel to save your changes to the non-volatile memory when you are done
configuring.
Cancel
Click this to reset the values in this screen to their last-saved values.