Switch User Manual

set arpinspection trust

SecureStack C3 Configuration Guide 17-21

Parameters

Defaults

Loggingisdisabledbydefault.

Mode

Switchcommand,read‐write.

Usage

ThiscommandenablesdynamicARPinspection(DAI)ononeormoreVLANs.WhenDAIis

enabledonaVLAN,DAIiseffectivelyenabledontheinterfaces(physicalportsorLAGs)thatare

membersofthatVLAN.

DAIusestheDHCPsnoopingbindingsdatabasetoverifythatthesenderMACaddressand

the

sourceIPaddressareavalidpairinthedatabase.ARPpacketswhosesenderMACaddressand

senderIPaddressdonotmatchanentryinthedatabasearedropped.

Ifloggingisenabled,invalidARPpacketsarealsologged.

Example

ThisexampleenablesDAIonVLANs2through5andalsoenablesloggingofinvalidARPpackets

onthoseVLANs.

C3(su)->set arpinspection vlan 2-5 logging

set arpinspection trust

UsethiscommandtoenableordisableaportasadynamicARPinspectiontrustedport.

Syntax

set arpinspection trust port port-string {enable | disable}

Parameters

Defaults

Bydefault,allphysicalportsandLAGsareuntrusted.

Mode

Switchcommand,read‐write.

vlan‐range SpecifiestheVLANorrangeofVLANsonwhichtoenabledynamic

ARPinspection.

logging (Optional)EnablesloggingofinvalidARPpacketsforthatVLAN.

port‐string SpecifiestheportorportstobeenabledordisabledasDAItrusted

ports.TheportscanbephysicalportsorLAGsthataremembersofa

VLAN.

enable|disable EnablesordisablesthespecifiedportsastrustedforDAI.