Siemens S223 User Manual
Page 168
UMN:CLI User Manual
SURPASS hiD 6615 S223/S323 R1.5
168 A50010-Y3-C150-2-7619
You can configure the switch to perform additional checks on the destination MAC ad-
dress, the sender and target IP address and the source MAC address.
Command Mode
Description
ip arp inspection validate
{src-
mac
| dst-mac | ip}
Inspects specific check on incoming ARP packets.
src-mac: checks the source MAC address. Packets
with different MAC addresses are classified as invalid
are dropped.
dst-mac: checks the destination MAC address. Packets
with different MAC addresses are classified as invalid
are dropped.
ip: checks the unexpected IP address.
ip arp inspection filter
NAME
vlan
VLAN
Applies ARP ACL to the VLAN.
NAME: ARP ACL name. It is created with the arp ac-
cess-list
NAME command.
ip arp inspection trust port
PORTS
Global
Configures a connection between switches as trusted.
PORTS: trusted port number.
To remove the specific ARP Inspection configuration, use the following commands
Command Mode
Description
no ip arp inspection validate
{src-mac | dst-mac | ip}
no ip arp inspection filter
NAME
vlan
VLAN
no ip arp inspection trust port
PORTS
Global Removes
specific
ARP
inspection configuration.
To display checking and statistics, use the following command.
Command Mode
Description
show ip arp inspection
[vlan
VLAN
]
show ip arp inspection statistics
[vlan VLAN]
show ip arp inspection trust
[port PORTS]
Enable
Global
Bridge
Displays the information of ARP inspection.
To clear ARP inspection mapping counter and statistics, use the following command.
Command Mode
Description
clear ip arp inspection statistics
[vlan VLAN]
Global
Bridge
Clears ARP inspection statistics.