EasyManuals Logo
Home>ELTEX>Switch>MES1000

ELTEX MES1000 User Manual

ELTEX MES1000
231 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #185 background imageLoading...
Page #185 background image
MES1000, MES2000 Ethernet Switches 185
Show IP address protection function configuration for all interfaces.
console# show ip source-guard configuration
IP Source Guard is Enabled
Interface State
----------- ----------
gi1/0/1 Enabled
gi1/0/22 Enabled
gi1/0/23 Enabled
Enable IP address protection function for traffic filtering based on DHCP snooping match table
and IP Source Guard static matches. Create the static record in the match table for Ethernet
12 interface of the first device in the stack: client IP address192.168.16.14, MAC address
00:60:70:4A:AB:AF. Interface in the 3rd VLAN group:
console# configure
console(config)# ip dhcp snooping
console(config)# ip source-guard
console(config)# ip source-guard binding 0060.704A.ABAF 3 192.168.16.14
gigabitethernet 1/0/12
5.27.5 ARP management (ARP Inspection)
ARP management function (ARP Inspection) ensures protection from attacks via ARP (e.g. ARP-
spoofingARP traffic interception). ARP management is based on the IP and MAC address static matches
defined for VLAN group.
Port configured as untrusted for ARP Inspection function should also be untrusted for DHCP
snooping, and the match of MAC and IP addresses for this port should be statically
configured. Otherwise, the port will not respond to ARP requests.
For untrusted ports, IP and MAC address match verification is performed.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.219 Global configuration mode commands
Command
Value/Default value
Action
ip arp inspection
Function is disabled by
default.
Enable ARP management (ARP Inspection function).
no ip arp inspection
Disable ARP management (ARP Inspection function).
ip arp inspection vlan
vlan_id
vlan_id: (1..4094)
Function is disabled by
default.
Enable ARP Inspection based on DHCP snooping match
database in the selected VLAN group.
no ip arp inspection vlan
vlan_id
Disable ARP Inspection based on DHCP snooping match
database in the selected VLAN group.
ip arp inspection validate
-
Enable specific checks for ARP management.
Source MAC address: For ARP requests and responses, MAC
address in the Ethernet header is compared to the source
address in the ARP content to check if they match.
Destination MAC address: For ARP responses, MAC address in
the Ethernet header is compared to the destination address in
the ARP content to check if they match.
IP address: ARP packet content is checked for incorrect IP
addresses.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the ELTEX MES1000 and is the answer not in the manual?

ELTEX MES1000 Specifications

General IconGeneral
BrandELTEX
ModelMES1000
CategorySwitch
LanguageEnglish

Related product manuals