Netgear XCM8806 Chassis Hardware Installation Guide - Page 628
NETGEAR 8800 Chassis Switch CLI Manual

Note: If you enable DHCP secured ARP on the switch, ARP learning continues, which allows insecure entries to be added to the ARP table.

The default ARP timeout (configure iparp timeout) and ARP refresh (enable iparp refresh) settings do not apply to DHCP secured ARP entries. The switch removes DHCP secured ARP entries upon any DHCP release packet received from the DHCP client.

Displaying ARP Information

To display how the switch builds an ARP table and learns MAC addresses for devices on a specific VLAN and associated member ports, use the following command:

    show ip-security arp learning {vlan}

To view the ARP table, including permanent and DHCP secured ARP entries, use the following command:

    show iparp { | | vlan | permanent} {vr }

Example

The following command enables DHCP secured ARP learning on port 1:1 of the VLAN learn and uses the default polling and retry intervals:

    enable ip-security arp learning learn-from-dhcp vlan learn ports 1:1

enable ip-security arp validation violation-action

    enable ip-security arp validation {destination-mac} {source-mac} {ip} {vlan} [all | ] violation-action [drop-packet {[block-port] [duration | permanently]}] {snmp-trap}

Description

Enables ARP validation for the specified VLAN and member ports.

Syntax Description

destination-mac
    Specifies that the switch checks the ARP payload for the MAC destination address in the Ethernet header and the receiver's host address in the ARP response.

source-mac
    Specifies that the switch checks ARP requests and responses for the MAC source address in the Ethernet header and the sender's host address in the ARP payload.

ip
    Specifies the switch checks the IP address in the ARP payload and compares it to the DHCP bindings database. If the IP address does exist in the DHCP bindings table, the switch verifies that the MAC address is the same as the sender hardware address in the ARP request. If not, the packet is dropped.
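The three validation options described above, modeled as an added Python example (not code from the manual or from the switch firmware) that parses raw Ethernet/ARP frames and reports which checks each frame violates. The function names, the bindings dictionary and all sample frames are constructed for illustration, and the example assumes that a sender IP with no DHCP binding passes the ip check, a case this page does not cover.

```python
import struct

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Parse an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP frame")
    return {"eth_dst": _mac(eth_dst), "eth_src": _mac(eth_src), "op": op,
            "sha": _mac(sha), "spa": _ip(spa), "tha": _mac(tha)}

def validate(frame, bindings, checks=("destination-mac", "source-mac", "ip")):
    """Return the names of the enabled checks that the frame violates."""
    p, bad = parse_arp(frame), []
    # destination-mac: Ethernet destination vs. target hardware address, responses only
    if "destination-mac" in checks and p["op"] == 2 and p["eth_dst"] != p["tha"]:
        bad.append("destination-mac")
    # source-mac: Ethernet source vs. sender hardware address, requests and responses
    if "source-mac" in checks and p["eth_src"] != p["sha"]:
        bad.append("source-mac")
    # ip: a sender IP found in the bindings must map to the sender hardware address.
    # Assumption: an IP with no binding passes; the page does not cover that case.
    bound = bindings.get(p["spa"])
    if "ip" in checks and bound is not None and bound != p["sha"]:
        bad.append("ip")
    return bad

def build(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Assemble a constructed test frame from MAC and dotted-quad strings."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    return (m(eth_dst) + m(eth_src)
            + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + m(sha) + i(spa) + m(tha) + i(tpa))

# Constructed sample data: one DHCP binding and three ARP replies.
HOST, PEER, OTHER = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee", "02:00:00:00:00:01"
BINDINGS = {"10.0.0.5": HOST}
GOOD = build(PEER, HOST, 2, HOST, "10.0.0.5", PEER, "10.0.0.9")
WRONG_MAC = build(PEER, OTHER, 2, OTHER, "10.0.0.5", PEER, "10.0.0.9")
MISMATCH = build(PEER, OTHER, 2, HOST, "10.0.0.5", HOST, "10.0.0.9")
```

WRONG_MAC is internally consistent at the Ethernet level, so only the ip check against the bindings catches it, while MISMATCH passes the ip check and is caught only by the two header-versus-payload checks.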