Alcatel-Lucent ls 6248 User Guide

DHCP Snooping, IP Source Guard and ARP Inspection Commands

647

4

ip arp inspection trust

no ip arp inspection trust

The interface is untrusted.

Interface Configuration (Ethernet, Port-channel) mode

The switch does not check ARP packets, which are received on the trusted 
interface; it simply forwards the packets.

For untrusted interfaces, the switch intercepts all ARP requests and 
responses. It verifies that the intercepted packets have valid IP-to-MAC 
address bindings before updating the local cache and before forwarding the 
packet to the appropriate destination. The switch drops invalid packets and 
logs them in the log buffer according to the logging configuration specified with 
the ip arp inspection log-buffer vlan Global Configuration mode command.

The following example configures an ARP inspection trust state on port 1/e16.

Use the ip arp inspection validate global configuration command to perform 
specific checks for dynamic Address Resolution Protocol (ARP) inspection. Use the 
no form of this command to return to the default settings.

The default configuration is set to disabled.

Global Configuration mode

The following are performed:

• Source MAC: Compare the source MAC address in the Ethernet header 

against the sender MAC address in the ARP body. This check is performed 

Console # (config)# interface ethernet 1/e16
Console # (config-if)# ip arp inspection trust
Console # (config-if)#