ARP validation is also linked to the “DHCP (Dynamic Host Configuration Protocol) snooping” feature. The same DHCP bindings database created when you enabled DHCP snooping is also used to validate ARP entries arriving on the specified ports.

Depending on the options specified when enabling ARP validation, the following validations are done. Note that the 'DHCP' option does not have to be specified explicitly; it is always implied when ARP validation is enabled.

Validation Option | ARP Request Packet Type | ARP Response Packet Type |
---|---|---|
DHCP | Source IP is not present in the DHCP snooping database OR is present but Source Hardware Address doesn't match the MAC in the DHCP bindings entry. | |
IP | Source IP == Mcast OR Target IP == Mcast OR Source IP is not present in the DHCP snooping database OR Source IP exists in the DHCP bindings database but Source Hardware Address doesn't match the MAC in the DHCP bindings entry. | Source IP == Mcast OR Target IP == Mcast |
Source-MAC | Ethernet source MAC does not match the Source Hardware Address. | Ethernet source MAC does not match the Source Hardware Address. |
Destination-MAC | Ethernet destination MAC does not match the Target Hardware Address. |
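
The DHCP, IP and Source-MAC rows of the table, written out as an offline checker that can be run over captured ARP fields. This is an added example, not the switch's own code. It reads each listed condition as a failed check, leaves out the Destination-MAC row, and uses hypothetical field names with constructed bindings and packets.

```python
import ipaddress

# Constructed DHCP snooping bindings (IP -> MAC), documentation-range values.
BINDINGS = {"192.0.2.10": "00:00:5e:00:53:0a", "192.0.2.11": "00:00:5e:00:53:0b"}


def _norm(mac):
    return mac.lower().replace("-", ":")


def _binding_mismatch(pkt, bindings):
    """True when the sender IP has no binding or is bound to a different MAC."""
    bound = bindings.get(pkt["sender_ip"])
    return bound is None or _norm(bound) != _norm(pkt["sender_mac"])


def arp_violations(pkt, bindings, options=()):
    """Return the validation options (table rows) that the ARP packet fails.

    pkt keys (hypothetical names): op ("request" or "response"), eth_src,
    sender_mac, sender_ip, target_ip. 'DHCP' is always checked (implied).
    """
    failed = []
    # Per the table, the bindings lookup applies to ARP requests only.
    mismatch = pkt["op"] == "request" and _binding_mismatch(pkt, bindings)
    if mismatch:
        failed.append("DHCP")
    if "IP" in options:
        mcast = any(ipaddress.ip_address(pkt[k]).is_multicast
                    for k in ("sender_ip", "target_ip"))
        if mcast or mismatch:
            failed.append("IP")
    if "Source-MAC" in options and _norm(pkt["eth_src"]) != _norm(pkt["sender_mac"]):
        failed.append("Source-MAC")
    return failed


def sample_results():
    """Run three constructed packets with the IP and Source-MAC options on."""
    opts = ("IP", "Source-MAC")
    good = {"op": "request", "eth_src": "00:00:5e:00:53:0a",
            "sender_mac": "00:00:5e:00:53:0a", "sender_ip": "192.0.2.10",
            "target_ip": "192.0.2.1"}
    # Sender claims 192.0.2.11 but uses the MAC bound to 192.0.2.10.
    spoofed = dict(good, sender_ip="192.0.2.11")
    # Response with a mismatched Ethernet source and a multicast target IP.
    reply = dict(good, op="response", eth_src="00:00:5e:00:53:ff",
                 target_ip="224.0.0.1")
    return [arp_violations(p, BINDINGS, opts) for p in (good, spoofed, reply)]
```
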