Ip arp inspection validate – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual

ip arp inspection validate

Validates the ARP packet destination MAC, ARP Packet IP address and source MAC address.

Syntax

ip arp inspection validate [dst-mac | ip | src-mac]

Command Default

The IP ARP packet validation is disabled.

Parameters

dst-mac

Checks the destination MAC address in the Ethernet header against the target MAC
address in the ARP body for ARP responses. When enabled, packets with different MAC
addresses are classified as invalid and are dropped.

ip

Checks the ARP body for invalid and unexpected IP addresses. Addresses include 0.0.0.0,
255.255.255.255, and all IP multicast addresses. Sender IP addresses are checked in all
ARP requests and responses, and target IP addresses are checked only in ARP responses.

src-mac

Checks the source MAC address in the Ethernet header against the sender MAC address in
the ARP body for ARP requests and responses. When enabled, packets with different MAC
addresses are classified as invalid and are dropped.

Modes

Global configuration.

Usage Guidelines

Use this command to validate the ARP packet destination MAC, ARP Packet IP address and source
MAC address.

Examples

The following example enables IP ARP inspection:

device(config)# configure terminal

device(config)# ip arp inspection validate dst-mac

device(config)# ip arp inspection validate src-mac

device(config)# ip arp inspection validate ip

History

Release version

Command history

08.0.10a

This command was introduced.

ip arp inspection validate

672

FastIron Ethernet Switch Layer 3 Routing Configuration Guide

53-1003087-04