Installation guide

10-17
Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 10 Configuring Network Access
Configuring Virtual Context VLAN Interfaces
Table 10-3 VLAN Interface Attributes (continued)

Field: ARP Inspection Type
Description: By default, ARP inspection is disabled on all interfaces, allowing all ARP packets through the ACE. When you enable ARP inspection, the ACE appliance uses the IPv4 address and interface ID (ifID) of an incoming ARP packet as an index into the ARP table. ARP inspection operates only on ingress bridged interfaces.

ARP inspection prevents malicious users from impersonating other hosts or routers, known as ARP spoofing. ARP spoofing can enable a “man-in-the-middle” attack. For example, a host sends an ARP request to the gateway router. The gateway router responds with the gateway router MAC address.

Note: If ARP inspection fails, then the ACE does not perform source MAC validation.

The options are as follows:
- N/A—ARP inspection is disabled.
- Flood—Enables ARP forwarding of nonmatching ARP packets. The ACE appliance forwards all ARP packets to all interfaces in the bridge group. This is the default setting. In the absence of a static ARP entry, this option bridges all packets.
- No-flood—Disables ARP forwarding for the interface and drops nonmatching ARP packets. In the absence of a static ARP entry, this option does not bridge any packets.

Field: UDP Config Commands
Description: Select the UDP boost command:
- N/A—Not applicable.
- IP Destination Hash—Performs destination IP hash during connection lookup.
- IP Source Hash—Performs source IP hash during connection lookup.
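The inspection decision the ARP Inspection Type row describes, written out as a small Python model so the three outcomes can be compared side by side. This is an added example, not Cisco code, and it models only what the table states: the static ARP entries, interface IDs, MAC addresses and sample packets are constructed, and the action names "forward", "flood" and "drop" are labels chosen here for the outcomes the option descriptions give (match bridged; nonmatching or unknown flooded to the bridge group under Flood, dropped under No-flood; everything passed when inspection is N/A or the ingress interface is not bridged).

```python
"""Decision model for the ACE ARP Inspection Type setting (Table 10-3).

Added example, not Cisco code: the static ARP table, interface IDs,
MAC addresses and packets below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Modes exactly as the table lists them (N/A = inspection disabled).
DISABLED, FLOOD, NO_FLOOD = "N/A", "flood", "no-flood"


@dataclass(frozen=True)
class ArpPacket:
    sender_ip: str    # IPv4 address carried in the ARP packet
    sender_mac: str   # hardware address claimed for that IP
    if_id: int        # ingress interface ID (ifID)


# Static ARP entries, indexed by (IPv4 address, ifID) as the page states.
StaticArpTable = Dict[Tuple[str, int], str]


def inspect_arp(pkt: ArpPacket, table: StaticArpTable, mode: str,
                bridged_ifs: frozenset) -> str:
    """Return the action taken on one ingress ARP packet.

    'forward' - packet matches a static entry, or is not inspected at all
    'flood'   - nonmatching / unknown packet forwarded to every interface
                in the bridge group (the Flood option)
    'drop'    - nonmatching / unknown packet discarded (the No-flood option)
    """
    # Inspection applies only to ingress bridged interfaces; a non-bridged
    # ingress interface or the N/A setting lets ARP through untouched.
    if mode == DISABLED or pkt.if_id not in bridged_ifs:
        return "forward"
    expected_mac = table.get((pkt.sender_ip, pkt.if_id))
    if expected_mac is not None and expected_mac.lower() == pkt.sender_mac.lower():
        return "forward"
    # Either no static entry exists for this IP/ifID or the claimed MAC
    # contradicts it: Flood forwards to the bridge group, No-flood drops.
    return "flood" if mode == FLOOD else "drop"


def spoof_candidates(packets: List[ArpPacket], table: StaticArpTable) -> List[ArpPacket]:
    """Defender view: packets whose claimed MAC contradicts a static entry.

    These are the impersonation attempts the setting exists to stop and the
    ones worth alerting on regardless of whether Flood or No-flood is set.
    """
    hits = []
    for p in packets:
        expected = table.get((p.sender_ip, p.if_id))
        if expected is not None and expected.lower() != p.sender_mac.lower():
            hits.append(p)
    return hits


# --- constructed sample data (not from the page) ------------------------
BRIDGED_IFS = frozenset({100, 200})           # ifIDs in the bridge group
STATIC_ARP: StaticArpTable = {
    ("192.0.2.1", 100): "00:11:22:33:44:55",   # gateway router on ifID 100
    ("192.0.2.10", 100): "00:11:22:33:44:66",  # a known server
}
LEGIT = ArpPacket("192.0.2.1", "00:11:22:33:44:55", 100)
SPOOFED = ArpPacket("192.0.2.1", "de:ad:be:ef:00:01", 100)   # claims gateway IP
UNKNOWN = ArpPacket("192.0.2.77", "00:aa:bb:cc:dd:ee", 100)  # no static entry
ROUTED = ArpPacket("192.0.2.1", "de:ad:be:ef:00:01", 300)    # non-bridged ifID

SAMPLES = (("legit", LEGIT), ("spoofed", SPOOFED),
           ("unknown", UNKNOWN), ("routed", ROUTED))


def decision_matrix() -> Dict[str, Dict[str, str]]:
    """Action for each sample packet under each ARP Inspection Type."""
    return {mode: {name: inspect_arp(p, STATIC_ARP, mode, BRIDGED_IFS)
                   for name, p in SAMPLES}
            for mode in (DISABLED, FLOOD, NO_FLOOD)}


if __name__ == "__main__":
    for mode, actions in decision_matrix().items():
        print(f"{mode:9s} {actions}")
    print("spoof candidates:", spoof_candidates([LEGIT, SPOOFED, UNKNOWN], STATIC_ARP))
```

Running the block prints one row per mode; the useful comparison is the "unknown" column, which shows that Flood (the default) still bridges ARP for hosts without a static entry, so only hosts covered by static entries gain protection in that mode, whereas No-flood blocks every unmatched packet and therefore needs a complete static table to avoid breaking legitimate hosts.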