Tuesday, 29 July 2014

Cisco 300 Switch: Dynamic ARP Inspection

To enable ARP inspection enter the following commands;



Now you need to configure the trusted interfaces, these will be your uplink interfaces;



Now configure ARP access control, this will be your DHCP server;




Additionally you can configure the following;



This will; 

"...drop ARP packets when the IP addresses in the packets are invalid or when the MAC addresses in the body of the ARP packets do not match the addresses specified in the Ethernet header".

Sources:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/dynarp.html

1 comment: