Address Resolution Protocol (ARP) is used to map IP addresses to MAC addresses. ARP inspection protects a network from ARP attacks by inspecting packets that arrive on interfaces defined as untrusted on the Interface Settings page. When a packet arrives on an untrusted interface, ARP inspection looks at the source IP address and MAC address of the packet. If they match the IP address and MAC address found in the ARP access control rules, the packet is forwarded; otherwise the packet is dropped.
This article explains how to configure ARP inspection on 300 Series Managed Switches.
• Applicable Devices: SF/SG 300 Series Managed Switches
• Software Version: 1.3.0.62
Step 1. Log in to the web configuration utility and choose Security > ARP Inspection > Properties. The Properties page opens:
Step 2. Check the Enable check box in the ARP Inspection Status field to enable ARP inspection.
Step 3. (Optional) Check the Enable check box in the ARP Packet Validation field to enable the following validations. Packets that are considered invalid by ARP inspection are logged and dropped.
• Source MAC — Compares the source MAC address of the packet with the MAC address of the sender in the ARP request. This check is performed for both ARP requests and ARP responses.
• Destination MAC — Compares the destination MAC address of the packet with the destination MAC address of the interface. This check is performed only for ARP responses.
• IP Addresses — Checks the ARP body for invalid IP addresses. These addresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses.
Step 4. Click the radio button that corresponds to the desired option in the Log Buffer Interval field. If the source IP address of the incoming packet cannot be found by ARP inspection, then the packet is dropped and a SYSLOG message is sent. The log buffer interval is the amount of time between SYSLOG messages.
• Retry Frequency — Enter the value that defines the frequency (in seconds) at which SYSLOG dropped packet messages are sent.
• Never — Disables SYSLOG dropped packet messages.
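The following Python model, added here as an illustration and not taken from the article or from Cisco switch firmware, shows what the checks in Step 3 and the log buffer interval in Step 4 actually compare. It parses an Ethernet II frame carrying an ARP packet, applies the Source MAC, Destination MAC and IP Addresses validations, then performs the core ARP inspection match against a binding table that stands in for the ARP access control rules (the table, the interface MAC and all frames are constructed sample values). `DropLogger` models the log buffer interval as "at most one SYSLOG message per interval, None means never"; that interpretation is an assumption of the example.

```python
import struct
from typing import Dict, List, Optional, Tuple

# Constructed model of the ARP inspection checks described in the article.
# This is illustrative Python, not Cisco switch firmware; the binding table
# and the frame layout below are assumptions of this example.

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))

def ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def build_arp_frame(oper: int, src_mac: str, dst_mac: str, sender_mac: str,
                    sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Build an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (test input)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp

def parse_arp_frame(frame: bytes) -> Dict[str, object]:
    """Split the Ethernet header and ARP body into the fields the checks compare."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    body = frame[22:42]
    return {"dst_mac": mac_str(frame[0:6]), "src_mac": mac_str(frame[6:12]), "oper": oper,
            "sender_mac": mac_str(body[0:6]), "sender_ip": ip_str(body[6:10]),
            "target_mac": mac_str(body[10:16]), "target_ip": ip_str(body[16:20])}

def is_invalid_ip(ip: str) -> bool:
    """Addresses the article lists as invalid: 0.0.0.0, 255.255.255.255, IPv4 multicast."""
    if ip in ("0.0.0.0", "255.255.255.255"):
        return True
    return 224 <= int(ip.split(".")[0]) <= 239

def inspect_arp(frame: bytes, interface_mac: str, rules: Dict[str, str],
                packet_validation: bool = True) -> Tuple[bool, str]:
    """Decide whether an ARP frame on an untrusted port is forwarded.
    rules maps sender IP -> MAC (the ARP access control rules); returns (forward, reason)."""
    try:
        arp = parse_arp_frame(frame)
    except ValueError as e:
        return False, f"malformed: {e}"
    if packet_validation:
        # Source MAC: Ethernet source vs ARP sender hardware address, requests and replies.
        if arp["src_mac"] != arp["sender_mac"]:
            return False, "source MAC mismatch"
        # Destination MAC: only for replies, Ethernet destination vs the receiving interface.
        if arp["oper"] == ARP_REPLY and arp["dst_mac"] != interface_mac.lower():
            return False, "destination MAC mismatch"
        # IP addresses: the ARP body must not carry the listed invalid addresses.
        if is_invalid_ip(arp["sender_ip"]) or is_invalid_ip(arp["target_ip"]):
            return False, "invalid IP address in ARP body"
    # Core check: the sender's IP/MAC pair must match a configured rule.
    expected = rules.get(arp["sender_ip"])
    if expected is None:
        return False, "sender IP not found in ARP access control rules"
    if expected.lower() != arp["sender_mac"]:
        return False, "sender MAC does not match rule"
    return True, "ok"

class DropLogger:
    """Log buffer interval: at most one drop message per interval_s; None means never log."""
    def __init__(self, interval_s: Optional[int]):
        self.interval_s, self.last_emit, self.suppressed = interval_s, None, 0
        self.messages: List[str] = []

    def dropped(self, now: float, reason: str) -> bool:
        """Record a drop at time now; return True when a SYSLOG message is emitted."""
        if self.interval_s is None:
            return False
        if self.last_emit is None or now - self.last_emit >= self.interval_s:
            self.messages.append(f"ARP inspection drop: {reason} (+{self.suppressed} suppressed)")
            self.last_emit, self.suppressed = now, 0
            return True
        self.suppressed += 1
        return False
```

With `packet_validation=False` the three Step 3 checks are skipped and only the rule match remains, which is the difference between Step 2 alone and Steps 2 plus 3 on the switch. Note that the Destination MAC check is deliberately not applied to requests, since those are normally sent to the broadcast address.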
Step 5. Click Apply to save the changes or Cancel to undo the changes.
Revision | Publish Date | Comments
---|---|---
1.0 | 11-Dec-2018 | Initial Release