Management Guide CLI
TigerAccess™ EE
SMC7824M/VSW 215
To set the aging time of the gateway address in ARP alias, use the following command.

| Command | Mode | Description |
|---|---|---|
| arp alias aging-time <5-2147483647> | Global | Changes the aging time of the registered gateway address in ARP alias. 5-2147483647: ARP alias gateway aging time (default: 300 sec) |
| arp alias aging-time | Global | Deletes the configured aging time and returns to the default settings. |

Unless you input a MAC address, the MAC address of the user's device will be used for the ARP response.
To display a registered ARP alias, use the following command.

| Command | Mode | Description |
|---|---|---|
| show arp alias | Enable, Global, Bridge | Shows a registered ARP alias. |

7.12.3 ARP Inspection
ARP provides IP communication by mapping an IP address to a MAC address. However, a malicious user can attack the ARP caches of systems and intercept the traffic intended for other hosts on the subnet. For example, Host B generates a broadcast message for all hosts within the broadcast domain to obtain the MAC address associated with the IP address of Host A. If Host C responds with the IP address of Host A (or B) and the MAC address of Host C, Host A and Host B can use Host C's MAC address as the destination MAC address for traffic intended for Host A and Host B.
ARP Inspection is a security feature that validates ARP packets in a network. It discards
ARP packets with invalid IP-MAC address binding.
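
The binding check described above, modelled in Python as an added example (not code from this guide or from the switch firmware). The binding table, the documentation-range addresses and the rule that a sender IP with no binding is dropped are assumptions of the example.

```python
import socket
import struct

# Constructed trusted IP-to-MAC bindings for the Host A / Host B scenario.
BINDINGS = {
    "192.0.2.10": "00:00:5e:00:53:0a",  # Host A
    "192.0.2.20": "00:00:5e:00:53:0b",  # Host B
}
HOST_C_MAC = "00:00:5e:00:53:0c"        # Host C, not bound to any IP above

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a 28-byte Ethernet/IPv4 ARP payload (constructed sample input)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac(sender_mac) + socket.inet_aton(sender_ip)
            + mac(target_mac) + socket.inet_aton(target_ip))

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip) or raise ValueError."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        raise ValueError("not an Ethernet/IPv4 ARP request or reply")
    sender_mac, sender_ip = struct.unpack("!6s4s", payload[8:18])
    return oper, sender_mac.hex(":"), socket.inet_ntoa(sender_ip)

def inspect(payload, bindings=BINDINGS):
    """Return ("forward" or "drop", reason) for one ARP payload."""
    try:
        _, mac, ip = parse_arp(payload)
    except ValueError as exc:
        return "drop", str(exc)
    bound = bindings.get(ip)
    if bound is None:  # assumption: unknown sender IPs are treated as invalid
        return "drop", f"no binding for {ip}"
    if bound.lower() != mac:
        return "drop", f"{ip} is bound to {bound}, packet claims {mac}"
    return "forward", "binding matches"

ZERO = "00:00:00:00:00:00"
A_IP, B_IP = "192.0.2.10", "192.0.2.20"
SAMPLES = {  # constructed packets: request, genuine reply, reply with wrong MAC
    "B asks for A": build_arp(1, BINDINGS[B_IP], B_IP, ZERO, A_IP),
    "A answers B": build_arp(2, BINDINGS[A_IP], A_IP, BINDINGS[B_IP], B_IP),
    "C claims A's IP": build_arp(2, HOST_C_MAC, A_IP, BINDINGS[B_IP], B_IP),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, "->", *inspect(pkt))
```
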
To activate/deactivate the ARP inspection function in the system, use the following command.

| Command | Mode | Description |
|---|---|---|
| ip arp inspection vlan VLANS | Global | Activates ARP inspection on a specified VLAN. VLANS: VLAN ID (1-4094) |
| no ip arp inspection vlan VLANS | Global | Deactivates ARP inspection on a specified VLAN. |

7.12.3.1 ARP Access List
You can exclude a given range of IP addresses from ARP inspection using ARP access lists. ARP access lists are created with the arp access-list command in Global Configuration mode. An ARP access list permits or denies the ARP packets of a given range of IP addresses.