beautypg.com

Arp packet validation – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual

Page 58

background image

Static ARP entry support (Continued)

TABLE 6

Default maximum

Configurable minimum

Configurable maximum

ICX 6430 and ICX 6450 devices

256

64

1024

ICX 6610

512

512

6000

Enabling learning gratuitous ARP

Learning gratuitous ARP enables Brocade Layer 3 devices to learn ARP entries from incoming
gratuitous ARP packets from the hosts which are directly connected. This help achieve faster
convergence for the hosts when they are ready to send traffic.

A new ARP entry is created when a gratuitous ARP packet is received. If the ARP is already existing,
it will be updated with the new content.

To enable IP ARP learn gratuitous ARP, enter commands such as the following:

Brocade (config)# ip arp learn-gratuitous-arp

Brocade (config)# no ip arp learn-gratuitous-arp

Syntax: [no] ip arp learn-gratuitous-arp

The no form of the command disables learn gratuitous ARP from the device.

Use show run command to see whether ARP is enabled or disabled. Similarly, use show arp
command to see the newly learnt ARP entries.

ARP Packet Validation

Validates ARP Packets to avoid traffic interruption or loss.

To avoid traffic interruption or loss, ARP Packet Validation allows the user to detect and drop ARP
packets that do not pass the ARP validation process. ARP Packet Validation is disabled by default and
can be enabled at the global configuration level. This functionality can be configured for the destination
MAC address, the IP address and the source MAC address or with a combination of these
parameters. The Ethernet header contains the destination MAC address and source MAC address,
while the ARP packet contains the sender hardware address and target hardware address.

Follow these steps to perform checks on the incoming ARP Packets.

1. Enter the global configuration mode.
2. Run the ip arp inspection validate [dst-mac | ip | src-mac] command to perform a check on any

incoming ARP packets. Use one of the following parameters to run the validation check.

dst-mac

The destination MAC address in the Ethernet header must be the same as the target hardware
address in the ARP body. This validation is performed for the ARP response packet. When the
destination MAC address validation is enabled, the packets with different MAC addresses are
classified as invalid and are dropped.

src-mac

ARP Packet Validation

58

FastIron Ethernet Switch Layer 3 Routing Configuration Guide

53-1003087-04

See also other documents in the category Brocade Computer Accessories: