Dell PowerConnect 6248 User's Guide - Page 446
DHCP Snooping, Bad Source MAC, Bad Dest MAC, Invalid IP, Forwarded, Dropped
View all Dell PowerConnect 6248 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 446 highlights
• Bad Source MAC - The number of ARP packets that were dropped by DAI because the sender MAC address in the ARP packet did not match the source MAC in the Ethernet header. • Bad Dest MAC - The number of ARP packets that were dropped by DAI because the target MAC address in the ARP reply packet did not match the destination MAC in the Ethernet header. • Invalid IP - The number of ARP packets dropped by DAI because the sender IP address in the ARP packet or target IP address in the ARP reply packet is not valid. Invalid addresses include 0.0.0.0, 255.255.255.255, IP multicast addresses, class E addresses (240.0.0.0/4), and loopback addresses (127.0.0.0/8). • Forwarded - The number of valid ARP packets forwarded by DAI. • Dropped - The number of not valid ARP packets dropped by DAI. Viewing Dynamic ARP Inspection Statistics With CLI Commands For information about the CLI commands that perform this function, refer to the following chapter in the CLI Reference Guide: • Dynamic ARP Inspection Commands The following table summarizes the equivalent CLI commands for this feature. Table 7-63. Dynamic ARP Inspection Command CLI Command show ip arp inspection statistics clear counters ip arp inspection Description Displays the statistics of the ARP packets processed by Dynamic ARP Inspection. Resets the statistics for Dynamic ARP Inspection on all VLANs. DHCP Snooping DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP servers to filter harmful DHCP messages and to build a bindings database of MAC address, IP address, VLAN ID, and port tuples that are considered authorized. You can enable DHCP snooping globally, perinterface, and on specific VLANs, and configure ports within the VLAN to be trusted or untrusted. DHCP servers must be reached through trusted ports. DHCP snooping enforces the following security rules: • DHCP packets from a DHCP server (DHCPOFFER, DHCPACK, DHCPNAK, DHCPRELEASEQUERY) are dropped if received on an untrusted port. • DHCPRELEASE and DHCPDECLINE messages are dropped if for a MAC address in the snooping database, but the binding's interface is other than the interface where the message was received. • On untrusted interfaces, the switch drops DHCP packets whose source MAC address does not match the client hardware address. This feature is a configurable option. 446 Configuring Switching Information