Alcatel-Lucent ls 6248 Mode D'Emploi
DHCP Snooping, IP Source Guard and ARP Inspection Commands
647
4
Syntax
ip arp inspection trust
no ip arp inspection trust
Default Configuration
The interface is untrusted.
Command Mode
Interface Configuration (Ethernet, Port-channel) mode
User Guidelines
The switch does not check ARP packets, which are received on the trusted
interface; it simply forwards the packets.
interface; it simply forwards the packets.
For untrusted interfaces, the switch intercepts all ARP requests and
responses. It verifies that the intercepted packets have valid IP-to-MAC
address bindings before updating the local cache and before forwarding the
packet to the appropriate destination. The switch drops invalid packets and
logs them in the log buffer according to the logging configuration specified with
the ip arp inspection log-buffer vlan Global Configuration mode command.
responses. It verifies that the intercepted packets have valid IP-to-MAC
address bindings before updating the local cache and before forwarding the
packet to the appropriate destination. The switch drops invalid packets and
logs them in the log buffer according to the logging configuration specified with
the ip arp inspection log-buffer vlan Global Configuration mode command.
Example
The following example configures an ARP inspection trust state on port 1/e16.
ip arp inspection validate
Use the ip arp inspection validate global configuration command to perform
specific checks for dynamic Address Resolution Protocol (ARP) inspection. Use the
no form of this command to return to the default settings.
specific checks for dynamic Address Resolution Protocol (ARP) inspection. Use the
no form of this command to return to the default settings.
Syntax
ip arp inspection validate
no ip arp inspection validate
Default Configuration
The default configuration is set to disabled.
Command Mode
Global Configuration mode
User Guidelines
The following are performed:
• Source MAC: Compare the source MAC address in the Ethernet header
against the sender MAC address in the ARP body. This check is performed
Console # (config)# interface ethernet 1/e16
Console # (config-if)# ip arp inspection trust
Console # (config-if)#
Console # (config-if)# ip arp inspection trust
Console # (config-if)#