Specifications
CLI Management Guide
TigerAccess™ EE
218 SMC7824M/VSW
To display the configured APR access lists, use the following command.
Command Mode Description
show arp access-list [NAME] Global Displays existing ARP access list names.
7.12.3.2 Enabling ARP Inspection Filtering
To enable/disable the ARP inspection filtering of a certain range of IP addresses from the
ARP access list, use the following command.
Command Mode Description
ip arp inspection filter NAME
vlan VLANS
Enables ARP inspection filtering with a configured ARP
access list on specified VLAN.
NAME: ARP access list name
no ip arp inspection filter NAME
vlan VLANS
Global
Disables ARP inspection filtering with a configured ARP
access list on specified VLAN.
ARP inspection actually runs in the system after the configured ARP access list applies to
specific VLAN using the ip arp inspection filter command.
7.12.3.3 ARP Address Validation
The switch also provides the ARP validation feature. Regardless of a static ARP table, the
ARP validation will discard ARP packets in the following cases:
• In case a sender MAC address of ARP packet does not match a source MAC
address of Ethernet header.
• In case a target MAC address of ARP reply packet does not match a destination
MAC address of Ethernet header.
• In case of a sender IP address of ARP packet or target IP address is 0.0.0.0 or
255.255.255.255 or one of multicast IP addresses.
To enable/disable the ARP validation, use the following command.
Command Mode Description
ip arp inspection validate {src-
mac | dst-mac | ip}
Enables the ARP validation with the following options.
src-mac: source MAC address.
dst-mac: destination MAC address.
ip: source/destination IP address.
no ip arp inspection validate
{src-mac | dst-mac | ip}
Global
Disables the ARP validation.
The src-mac, dst-mac, and ip options can be configured together.
i
i