show ip source-guard binding, ARP Inspection – LevelOne GTL-2691 User Manual

CHAPTER 29 | General Security Measures

ARP Inspection

– 960 –

show ip source-guard binding

This command shows the source guard binding table.

SYNTAX

show ip source-guard binding [dhcp-snooping | static]

dhcp-snooping - Shows dynamic entries configured with DHCP Snooping commands (see page 946).

static - Shows static entries configured with the ip source-guard binding command (see page 956).

COMMAND MODE

Privileged Exec

EXAMPLE

Console#show ip source-guard binding
MacAddress        IpAddress       Lease(sec) Type                 VLAN Interface
----------------- --------------- ---------- -------------------- ---- --------
11-22-33-44-55-66 192.168.0.99             0 Static                  1 Eth 1/5
Console#

ARP INSPECTION

ARP Inspection validates the MAC-to-IP address bindings in Address Resolution Protocol (ARP) packets. It protects against ARP traffic with invalid address bindings, which forms the basis for certain “man-in-the-middle” attacks. This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded to the appropriate destination, dropping any invalid ARP packets.

ARP Inspection determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database – the DHCP snooping binding database. ARP Inspection can also validate ARP packets against user-configured ARP access control lists (ACLs) for hosts with statically configured IP addresses.
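The binding check described above can be modelled offline. The following is an added example, not code from the manual or the switch firmware: it parses output in the format shown for show ip source-guard binding and accepts or drops an ARP packet by its sender IP-to-MAC pair. The function names, the second table row, the per-VLAN lookup key and the test packets are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

# Constructed sample: the first row is the manual's example entry; the
# second row (a dynamic DHCP snooping entry) is made up for illustration.
SAMPLE_OUTPUT = """\
Console#show ip source-guard binding
MacAddress        IpAddress       Lease(sec) Type                 VLAN Interface
----------------- --------------- ---------- -------------------- ---- --------
11-22-33-44-55-66 192.168.0.99             0 Static                  1 Eth 1/5
00-aa-bb-cc-dd-01 192.168.0.20          3600 DHCP-Snooping           1 Eth 1/7
Console#
"""

ROW = re.compile(
    r"^(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+(?P<ip>\S+)\s+"
    r"(?P<lease>\d+)\s+(?P<type>\S+)\s+(?P<vlan>\d+)\s+(?P<port>.+?)\s*$"
)

def parse_bindings(text):
    """Return {(vlan, ip): mac} built from the binding table rows."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header, separator and prompt lines do not match
            key = (int(m["vlan"]), ip_address(m["ip"]))
            table[key] = m["mac"].lower()
    return table

def inspect_arp(table, vlan, sender_mac, sender_ip):
    """Forward only when the sender IP maps to the sender MAC in the
    trusted table (keyed per VLAN, an assumption of this model)."""
    expected = table.get((vlan, ip_address(sender_ip)))
    if expected is None:
        return "drop: no binding for sender IP"
    if expected != sender_mac.lower().replace(":", "-"):
        return "drop: sender MAC does not match binding"
    return "forward"

if __name__ == "__main__":
    table = parse_bindings(SAMPLE_OUTPUT)
    # Constructed ARP packets: (VLAN, sender MAC, sender IP)
    for vlan, mac, ip in [
        (1, "11-22-33-44-55-66", "192.168.0.99"),  # matches static entry
        (1, "de-ad-be-ef-00-01", "192.168.0.99"),  # bound IP, wrong MAC
        (1, "00-aa-bb-cc-dd-02", "192.168.0.50"),  # IP with no binding
    ]:
        print(vlan, mac, ip, "->", inspect_arp(table, vlan, mac, ip))
```
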

This section describes commands used to configure ARP Inspection.

Table 91: ARP Inspection Commands

Command                              Function                                                                                                Mode
------------------------------------ ------------------------------------------------------------------------------------------------------- ----
ip arp inspection                    Enables ARP Inspection globally on the switch                                                           GC
ip arp inspection filter             Specifies an ARP ACL to apply to one or more VLANs                                                      GC
ip arp inspection log-buffer logs    Sets the maximum number of entries saved in a log message, and the rate at which these messages are sent GC
ip arp inspection validate           Specifies additional validation of address components in an ARP packet                                  GC
ip arp inspection vlan               Enables ARP Inspection for a specified VLAN or range of VLANs                                           GC