Configuring ARP Validation
- Enable DHCP snooping using the command:
  enable ip-security dhcp-snooping {vlan} vlan_name ports [all | ports] violation-action [drop-packet {[block-mac | block-port] [duration duration_in_seconds | permanently] | none]}] {snmp-trap}
ARP validation is disabled by default.
- Enable and configure ARP validation using the command:
  enable ip-security arp validation {destination-mac} {source-mac} {ip} {vlan} vlan_name [all | ports] violation-action [drop-packet {[block-port] [duration duration_in_seconds | permanently]}] {snmp-trap}
The violation action setting determines what action(s) the switch takes when an invalid ARP is received. Any violation that occurs causes the switch to generate an EMS log message. You can suppress these log messages by configuring EMS log filters. For more information about EMS, see the section Using the Event Management System/Logging.
- Disable ARP validation using the command:
  disable ip-security arp validation {vlan} vlan_name [all | ports]
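
The following Python sketch is an added illustration, not Extreme Networks code. It models the kind of comparison the destination-mac, source-mac, and ip options select, and why DHCP snooping is enabled first. The binding table and frames are constructed, and the semantics of each check are assumptions based on the option names, so consult the command reference for the switch's actual behavior.

```python
import struct
from ipaddress import IPv4Address

# Constructed DHCP snooping bindings (IP -> MAC), standing in for the switch's table.
BINDINGS = {IPv4Address("10.0.0.10"): bytes.fromhex("020000000010")}
BCAST = IPv4Address("255.255.255.255")

def build(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Build a constructed, untagged Ethernet ARP frame from hex MACs and dotted IPs."""
    h = bytes.fromhex
    return (h(eth_dst) + h(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + h(sha) + IPv4Address(spa).packed + h(tha) + IPv4Address(tpa).packed)

def parse_arp(frame):
    """Split a frame into the Ethernet and ARP fields the checks compare."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    eth_dst, eth_src, etype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if etype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return eth_dst, eth_src, op, sha, IPv4Address(spa), tha, IPv4Address(tpa)

def violations(frame, checks=("destination-mac", "source-mac", "ip")):
    """Return the failed checks; an empty list means the ARP would be forwarded."""
    eth_dst, eth_src, op, sha, spa, tha, tpa = parse_arp(frame)
    failed = []
    # Baseline (assumed): sender IP/MAC must match a DHCP snooping binding.
    if BINDINGS.get(spa) != sha:
        failed.append("dhcp-binding")
    # Assumed meaning of source-mac: Ethernet source equals the ARP sender MAC.
    if "source-mac" in checks and eth_src != sha:
        failed.append("source-mac")
    # Assumed meaning of destination-mac: in replies (op 2), Ethernet
    # destination equals the ARP target MAC.
    if "destination-mac" in checks and op == 2 and eth_dst != tha:
        failed.append("destination-mac")
    # Assumed meaning of ip: broadcast or multicast sender IP is invalid,
    # as is such a target IP in a reply.
    if "ip" in checks:
        bad = lambda a: a.is_multicast or a == BCAST
        if bad(spa) or (op == 2 and bad(tpa)):
            failed.append("ip")
    return failed

# Constructed sample frames: a consistent reply, a sender with no matching
# binding, and a reply whose Ethernet header disagrees with its ARP payload.
GOOD = build("020000000001", "020000000010", 2, "020000000010", "10.0.0.10", "020000000001", "10.0.0.1")
UNBOUND = build("020000000001", "0200000000ff", 2, "0200000000ff", "10.0.0.10", "020000000001", "10.0.0.1")
MISMATCH = build("ffffffffffff", "0200000000ff", 2, "020000000010", "10.0.0.10", "020000000001", "10.0.0.1")
```

In this model, MISMATCH is accepted when no optional checks are selected, because its ARP payload agrees with the binding and only the Ethernet header is inconsistent.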