beautypg.com

Enabling dai on a vlan, Enabling trust on a port, Displaying arp inspection status and ports – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 335: Displaying the arp table, Process.refer to

background image

The ARP entry will be in Pend (pending) status until traffic with the matching IP-to-MAC is received on a
port.

Syntax: [no] arp ip-addr mac-addr inspection

The ip-addr mac-addr parameter specifies a device IP address and MAC address pairing.

Enabling DAI on a VLAN

DAI is disabled by default. To enable DAI on an existing VLAN, enter the following command.

device(config)#ip arp inspection vlan 2

The command enables DAI on VLAN 2. ARP packets from untrusted ports in VLAN 2 will undergo DAI
inspection.

Syntax: [no] ip arp inspection vlan vlan-number

The vlan-number variable specifies the ID of a configured VLAN.

Enabling trust on a port

The default trust setting for a port is untrusted. For ports that are connected to host ports, leave their
trust settings as untrusted.

To enable trust on a port, enter commands such as the following.

device(config)#interface ethernet 1/4

device(config-if-e10000-1/4)#arp inspection trust

The commands change the CLI to the interface configuration level of port 1/4 and set the trust setting of
port 1/4 to trusted.

Syntax: [no] arp inspection trust

Displaying ARP inspection status and ports

To display the ARP inspection status for a VLAN and the trusted or untrusted port, enter the following
command.

device#show ip arp inspection vlan 2

IP ARP inspection VLAN 2: Disabled

Trusted Ports : ethe 1/4

Untrusted Ports : ethe 2/1 to 2/3 ethe 4/1 to 4/24 ethe 6/1 to 6/4 ethe 8/1 to

8/4

Syntax: show ip arp inspection vlan vlan_id

The vlan_id variable specifies the ID of a configured VLAN.

Displaying the ARP table

To display the ARP table, enter the show arp command.

device#show arp

Total number of ARP entries: 2, maximum capacity: 6000

No IP Address MAC Address Type Age Port Status

1 10.43.1.1 0000.00a0.4000

Dynamic 0 mgmt1 Valid

Enabling DAI on a VLAN

FastIron Ethernet Switch Security Configuration Guide

335

53-1003088-03

See also other documents in the category Brocade Computer Accessories: