DELL S6000-ON User Manual
To see how many valid and invalid ARP packets have been processed, use the show arp inspection
statistics command.
statistics command.
Dell#show arp inspection statistics
Dynamic ARP Inspection (DAI) Statistics
---------------------------------------
Valid ARP Requests : 0
Valid ARP Replies : 1000
Invalid ARP Requests : 1000
Invalid ARP Replies : 0
Dell#
Bypassing the ARP Inspection
You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in
multi-switch environments.
ARPs received on trusted ports bypass validation against the binding table. All ports are untrusted by
default.
To bypass the ARP inspection, use the following command.
To bypass the ARP inspection, use the following command.
• Specify an interface as trusted so that ARPs are not validated against the binding table.
INTERFACE mode
arp inspection-trust
Dell Networking OS Behavior: Introduced in Dell Networking OS version 8.2.1.0, DAI was available for
Layer 3 only. However, Dell Networking OS version 8.2.1.1 extends DAI to Layer 2.
Layer 3 only. However, Dell Networking OS version 8.2.1.1 extends DAI to Layer 2.
Source Address Validation
Using the DHCP binding table, Dell Networking OS can perform three types of source address validation
(SAV).
Table 22. Three Types of Source Address Validation
Source Address Validation
Description
IP Source Address Validation
Prevents IP spoofing by forwarding only IP packets
that have been validated against the DHCP binding
table.
that have been validated against the DHCP binding
table.
DHCP MAC Source Address Validation
Verifies a DHCP packet’s source hardware address
matches the client hardware address field
(CHADDR) in the payload.
matches the client hardware address field
(CHADDR) in the payload.
IP+MAC Source Address Validation
Verifies that the IP source address and MAC source
address are a legitimate pair.
address are a legitimate pair.
Dynamic Host Configuration Protocol (DHCP)
315