Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches
ip arp inspection validate
To perform specific checks for ARP inspection, use the ip arp inspection validate command. To disable
checks, use the no form of this command.
ip arp inspection validate [src-mac] [dst-mac] [ip]
no ip arp inspection validate [src-mac] [dst-mac] [ip]
Syntax Description
src-mac (Optional) Checks the source MAC address in the Ethernet header against the sender’s
MAC address in the ARP body. This checking is done against both ARP requests and
responses.
Note When src-mac is enabled, packets with different MAC addresses are classified
as invalid and are dropped.
dst-mac (Optional) Checks the destination MAC address in the Ethernet header against the
target MAC address in the ARP body. This checking is done for ARP responses.
Note When dst-mac is enabled, the packets with different MAC addresses are
classified as invalid and are dropped.
ip (Optional) Checks the ARP body for invalid and unexpected IP addresses. Addresses
include 0.0.0.0, 255.255.255.255, and all IP multicast addresses.
The sender IP addresses are checked in all ARP requests and responses and target IP
addresses are checked only in ARP responses.
Defaults Checks are disabled.
Command Modes Global configuration mode
Usage Guidelines When enabling the checks, specify at least one of the keywords (src-mac, dst-mac, and ip) on the
command line. Each command overrides the configuration of the previous command. If a command
enables src and dst mac validations, and a second command enables IP validation only, the src and dst
mac validations are disabled as a result of the second command.
The no form of this command disables only the specified checks. If none of the check options are
enabled, all the checks are disabled.
Examples This example shows how to enable the source MAC validation:
Switch(config)# ip arp inspection validate src-mac
Switch(config)# end
Switch# show ip arp inspection vlan 1
Source Mac Validation : Enabled
Destination Mac Validation : Disabled
IP Address Validation : Disabled
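The src-mac, dst-mac, and ip checks described on this page, modeled in Python over raw frames. This is an added illustration, not Cisco's implementation and not part of the command reference. The function names and sample frames are constructed, and the model assumes untagged Ethernet II frames and treats the three address classes listed for the ip keyword as the full set of rejected addresses.

```python
import struct
from ipaddress import IPv4Address

def parse_arp_frame(frame: bytes) -> dict:
    """Parse an untagged Ethernet II frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    (eth_dst, eth_src, ethertype, htype, ptype, hlen, plen, oper,
     sha, spa, tha, tpa) = struct.unpack("!6s6sHHHBBH6s4s6s4s", frame[:42])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP frame")
    return dict(eth_dst=eth_dst, eth_src=eth_src, oper=oper, sha=sha,
                spa=IPv4Address(spa), tha=tha, tpa=IPv4Address(tpa))

def bad_ip(addr: IPv4Address) -> bool:
    """True for 0.0.0.0, 255.255.255.255 and IP multicast (the ip keyword's list)."""
    return int(addr) in (0, 0xFFFFFFFF) or addr.is_multicast

def validate(frame: bytes, checks: set) -> list:
    """Return the enabled checks (src-mac, dst-mac, ip) that the frame fails."""
    p = parse_arp_frame(frame)
    is_reply = p["oper"] == 2
    failed = []
    if "src-mac" in checks and p["eth_src"] != p["sha"]:
        failed.append("src-mac")  # applies to requests and responses
    if "dst-mac" in checks and is_reply and p["eth_dst"] != p["tha"]:
        failed.append("dst-mac")  # applies to responses only
    if "ip" in checks and (bad_ip(p["spa"]) or (is_reply and bad_ip(p["tpa"]))):
        failed.append("ip")  # sender IP always, target IP in responses only
    return failed

def build(eth_dst, eth_src, oper, sha, spa, tha, tpa) -> bytes:
    """Build a sample frame from hex MAC strings and dotted-quad IPs."""
    mac = bytes.fromhex
    return (mac(eth_dst) + mac(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
            + mac(sha) + IPv4Address(spa).packed + mac(tha) + IPv4Address(tpa).packed)

# Constructed sample frames (locally administered MACs, documentation IPs).
A, B, X = "020000000001", "020000000002", "0200000000ff"
SAMPLES = {
    "clean reply": build(B, A, 2, A, "192.0.2.10", B, "192.0.2.20"),
    "reply, sender MAC differs": build(B, A, 2, X, "192.0.2.1", B, "192.0.2.20"),
    "reply, target MAC differs": build(B, A, 2, A, "192.0.2.10", X, "192.0.2.20"),
    "request, multicast sender IP": build("ff" * 6, A, 1, A, "224.0.0.5", "00" * 6, "192.0.2.20"),
    "request, target IP 0.0.0.0": build("ff" * 6, A, 1, A, "192.0.2.10", "00" * 6, "0.0.0.0"),
}

for name, frame in SAMPLES.items():
    print(f"{name}: {validate(frame, {'src-mac', 'dst-mac', 'ip'}) or 'pass'}")
```

The last sample passes with all three keywords enabled because dst-mac and the target IP check apply only to responses. Passing `{"ip"}` alone lets the frame whose sender MAC differs through, which is the effect of a later command that enables only ip.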