- Cisco Switch User's Manual
Security
Dynamic ARP Inspection
Cisco Small Business 300 Series Managed Switch Administration Guide 356
17
ARP Inspection Work Flow
To configure ARP Inspection:
STEP 1 Enable ARP Inspection and configure various options in the Security > ARP
Inspection > Properties page.
STEP 2 Configure interfaces as ARP trusted or untrusted in the Security > ARP Inspection
> Interface Setting page.
STEP 3 Add rules in the Security > ARP Inspection > ARP Access Control and ARP Access
Control Rules pages.
STEP 4 Define the VLANs on which ARP Inspection is enabled and the Access Control
Rules for each VLAN in the Security > ARP Inspection > VLAN Settings page.
Defining ARP Inspection Properties
To configure ARP Inspection:
STEP 1 Click Security > ARP Inspection > Properties.
Enter the following fields:
• ARP Inspection Status—Select to enable ARP Inspection.
• ARP Packet Validation—Select to enable the following validation checks:
- Source MAC — Compares the packets source MAC address in the
Ethernet header against the senders MAC address in the ARP request.
This check is performed on both ARP requests and responses.
- Destination MAC — Compares the packets destination MAC address in
the Ethernet header against the destination interfaces MAC address. This
check is performed for ARP responses.
- IP Addresses — Compares the ARP body for invalid and unexpected IP
addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP
Multicast addresses.
• Log Buffer Interval—Select one of the following options:
- Retry Frequency—Enable sending SYSLOG messages for dropped
packets. Entered the frequency with which the messages are sent.