Linksys SGE2000 Cisco Small Business SFE/SGE2xxx Series Managed Switches Admin - Page 157
Assigning ARP Inspection VLAN Settings, Configuring Device Security, Add ARP List
UPC - 745883572120
View all Linksys SGE2000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 157 highlights
Configuring Device Security Defining Dynamic ARP Inspection Add ARP List Page 4 In addition to the fields in the ARP Inspection List Page, the Add ARP List Page contains the additional field: • List Name - Specifies a name for the new ARP list. STEP 3 Define the fields. STEP 4 Click Apply. The new ARP Inspection List is added, and the device is updated. Assigning ARP Inspection VLAN Settings The ARP Inspection VLAN Settings Page contains fields for enabling ARP Inspection on VLANs. In the Enabled VLAN table, users assign static ARP Inspection Lists to enabled VLANs. When a packet passes through an untrusted interface which is enabled for ARP Inspection, the device performs the following checks in order: • Determines if the packet's IP address and MAC address exist in the static ARP Inspection list. If the addresses match, the packet passes through the interface. • If the device does not find a matching IP address, but DHCP Snooping is enabled on the VLAN, the device checks the DHCP Snooping database for the IP address-VLAN match. If the entry exists in the DHCP Snooping database, the packet passes through the interface. • If the packet's IP address is not listed in the ARP Inspection List or the DHCP Snooping database, the device rejects the packet. To define ARP Inspection on VLANs: Cisco Small Business SFE/SGE Managed Switches Administration Guide 148