Manualshelf

ECS4100 Series CLI Reference Guide-R07

ManualsBrandsEdgecore Networks ManualsEnterpriseL2+ Gigabit Ethernet Access Switch with two 10G Uplinks
361362363364365366367368369370
Table Of Contents
Chapter 9
| General Security Measures
Port-based Traffic Segmentation
– 370 –
show ip arp inspection
vlan
This command shows the configuration settings for VLANs, including ARP
Inspection status, the ARP ACL name, and if the DHCP Snooping database is used
after ARP ACL validation is completed.
Syntax
show ip arp inspection vlan [vlan-id
| vlan-range]
vlan-id - VLAN ID. (Range: 1-4094)
vlan-range - A consecutive range of VLANs indicated by the use a hyphen,
or a random group of VLANs with each entry separated by a comma.
Command Mode
Privileged Exec
Command Usage
Enter this command to display the configuration settings for all VLANs, or display
the settings for a specific VLAN by entering the VLAN identifier.
Example
Console#show ip arp inspection vlan 1
VLAN ID DAI Status ACL Name ACL Status
-------- --------------- -------------------- --------------------
1 disabled sales static
Console#
Port-based Traffic Segmentation
If tighter security is required for passing traffic from different clients through
downlink ports on the local network and over uplink ports to the service provider,
port-based traffic segmentation can be used to isolate traffic for individual clients.
Traffic belonging to each client is isolated to the allocated downlink ports. But the
switch can be configured to either isolate traffic passing across a clients allocated
uplink ports from the uplink ports assigned to other clients, or to forward traffic
through the uplink ports used by other clients, allowing different clients to share
access to their uplink ports where security is less likely to be compromised.
Table 67: Commands for Configuring Traffic Segmentation
Command Function Mode
traffic-segmentation Enables traffic segmentation GC
traffic-segmentation session Creates a client session GC