
arp security violation – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT, x310-26FP, x310-50FT, x310-50FP) User Manual

Page 1441


DHCP Snooping Commands

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C

56.3

arp security violation

Use this command to specify an additional action to perform if an ARP security violation is
detected on the ports. ARP security must also be enabled (arp security command on page 56.2).

Use the no variant of this command to remove the specified action, or all actions. Traffic
violating ARP security will be dropped, but no other action will be taken.

Syntax

arp security violation {log|trap|link-down} ...

no arp security violation [log|trap|link-down] ...

Default

When the switch detects an ARP security violation, it drops the packet. By default, it does
not perform any other violation actions.

Mode

Interface Configuration (switch ports, static or dynamic aggregated links)

Usage

When the switch detects an ARP security violation on an untrusted port in a VLAN that has
ARP security enabled, it drops the packet. This command sets the switch to perform
additional actions in response to ARP violations.

If a port has been shut down in response to a violation, to bring it back up again after any
issues have been resolved, use the no shutdown command on page 12.14.

Parameter   Description

log         Generate a log message. To display these messages, use the
            show log command on page 10.37.

trap        Generate an SNMP notification (trap). To send SNMP notifications,
            SNMP must also be configured, and DHCP snooping notifications must
            be enabled using the snmp-server enable trap command on page 68.16.
            Notifications are limited to one per second and to one per source MAC
            and violation reason. Additional violations within a second of a
            notification being sent will not result in further notifications.
            Default: disabled.

link-down   Shut down the port that received the packet.
            Default: disabled.

Example

To send SNMP notifications for ARP security violations on ports 1.0.1 to 1.0.6, use the
commands:

awplus# configure terminal
awplus(config)# snmp-server enable trap dhcpsnooping
awplus(config)# interface port1.0.1-port1.0.6
awplus(config-if)# arp security violation trap
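The trap action depends on the separate snmp-server enable trap dhcpsnooping line, and a port with no action configured drops violating packets without leaving any record. The following audit script is an added example, not part of the Allied Telesis manual, that checks a saved configuration for both conditions. It assumes an indented, one-port-per-stanza export; the sample configuration and the function name are constructed for illustration, and the script does not check port trust state or VLAN membership.

```python
import re

ACTIONS = {"log", "trap", "link-down"}  # violation actions named on this page

# Constructed sample config; the one-port-per-stanza, indented layout is an
# assumption about how the configuration was exported.
SAMPLE_CONFIG = """\
interface port1.0.1
 arp security violation trap
!
interface port1.0.2
 arp security violation log link-down
!
interface port1.0.3
 switchport mode access
!
"""

def audit_arp_violation_actions(config):
    """Return findings for ports whose violation handling is silent or
    whose trap action cannot produce an SNMP notification."""
    trap_enabled = False
    ports = {}      # port name -> set of configured violation actions
    current = None  # port stanza currently being read
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"snmp-server enable trap\b(.*)", line)
        if m and "dhcpsnooping" in m.group(1).split():
            trap_enabled = True
        if not raw.startswith(" "):
            # A top-level line either opens a port stanza or closes one.
            m = re.fullmatch(r"interface (port\S+)", line)
            current = m.group(1) if m else None
            if current:
                ports.setdefault(current, set())
        elif current and line.startswith("arp security violation"):
            ports[current] |= set(line.split()[3:]) & ACTIONS
    findings = []
    for port, actions in sorted(ports.items()):
        if not actions:
            findings.append(f"{port}: violations are dropped with no log, trap or link-down")
        if "trap" in actions and not trap_enabled:
            findings.append(f"{port}: trap set but 'snmp-server enable trap dhcpsnooping' is missing")
    return findings

if __name__ == "__main__":
    for finding in audit_arp_violation_actions(SAMPLE_CONFIG):
        print(finding)
```

A port reported as having no action may be intentional (for example a trusted uplink); treat that finding as a prompt to confirm the port's role.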