Dell 9.7(0.0) Plumbing Product User Manual


  Open as PDF
of 1039
 
---------------------------------------------------------------------
Internet 10.1.1.251 - 00:00:4d:57:f2:50 Te 0/2 Vl 10 CP
Internet 10.1.1.252 - 00:00:4d:57:e6:f6 Te 0/1 Vl 10 CP
Internet 10.1.1.253 - 00:00:4d:57:f8:e8 Te 0/3 Vl 10 CP
Internet 10.1.1.254 - 00:00:4d:69:e8:f2 Te 0/50 Vl 10 CP
Dell#
To see how many valid and invalid ARP packets have been processed, use the show arp inspection
statistics command.
Dell#show arp inspection statistics
Dynamic ARP Inspection (DAI) Statistics
---------------------------------------
Valid ARP Requests : 0
Valid ARP Replies : 1000
Invalid ARP Requests : 1000
Invalid ARP Replies : 0
Dell#
Bypassing the ARP Inspection
You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in
multi-switch environments.
ARPs received on trusted ports bypass validation against the binding table. All ports are untrusted by
default.
To bypass the ARP inspection, use the following command.
Specify an interface as trusted so that ARPs are not validated against the binding table.
INTERFACE mode
arp inspection-trust
DAI is supported on Layer 2 and Layer 3.
Source Address Validation
Using the DHCP binding table, the system can perform three types of source address validation (SAV).
Table 18. Three Types of Source Address Validation
Source Address Validation Description
IP Source Address Validation Prevents IP spoofing by forwarding only IP packets
that have been validated against the DHCP binding
table.
DHCP MAC Source Address Validation Verifies a DHCP packet’s source hardware address
matches the client hardware address field
(CHADDR) in the payload.
IP+MAC Source Address Validation Verifies that the IP source address and MAC source
address are a legitimate pair.
336
Dynamic Host Configuration Protocol (DHCP)