Updated: November 29, 2018
Address Resolution Protocol (ARP) Inspection Properties Configuration on ESW2-550X Switch
Address Resolution Protocol (ARP) is used to resolve an IP address into the MAC address of the destination. It operates at layer 2 of the OSI model and uses a lookup table (the ARP cache) to store the IP address to MAC address mapping. ARP inspection is used to prevent ARP cache poisoning, which can allow unauthorized users to control and intercept network traffic.
This article explains how to configure ARP inspection properties on ESW2-550X stackable managed switches.
• ESW2-550X
• ESW2-550X-DC
Set Up ARP Inspection Properties
Step 1. Log in to the web configuration utility and choose Security > ARP Inspection > Properties. The Properties page opens.
Step 2. In the ARP Inspection Status field, check the Enable check box to enable the ARP inspection feature. This feature is disabled by default. ARP inspection is performed only on untrusted interfaces. Packets from trusted interfaces are forwarded.
Step 3. In the ARP Packet Validation field, check the Enable check box to enable ARP packet validation. This feature is disabled by default. If this check box is checked, the following values are compared with the existing databases to prevent outsider attacks:
• Source MAC — The source MAC address of the packet in the Ethernet header is compared against the MAC address of the sender in the ARP request. This check is performed on both ARP requests and responses.
• Destination MAC — The destination MAC address of the packet in the Ethernet header is compared against the MAC address of the destination interface. This check is performed for ARP responses only.
• IP Addresses — The ARP data content is checked for invalid and unexpected IP addresses. Such addresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses.
Note: ARP inspection also uses a DHCP snooping binding database (if DHCP snooping is enabled) to counter-check the IP address of the packet in addition to its access control rules.
Step 4. In the Log Buffer Interval field, click one of the radio buttons:
• Retry Frequency — Enables SYSLOG messages to be sent for dropped packets. Enter the frequency with which the messages are sent. The default frequency is 5 seconds. The range is from 0 to 86400 seconds.
• Never — Disables SYSLOG dropped packet messages.
Step 5. Click Apply to make the changes. The settings are defined and the running configuration file is updated.
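The three packet validation checks from Step 3, as an added Python example that is not part of the original article and is not the switch's own code. It assumes that the "MAC address of the destination interface" is the target MAC field in the ARP body, and that the sender IP is checked in every packet while the target IP is checked in responses only; validate_arp, build_frame and the sample frames are constructed for illustration.

```python
import ipaddress
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_IP = ipaddress.IPv4Address("255.255.255.255")

def bad_ip(raw: bytes) -> bool:
    """True for 0.0.0.0, 255.255.255.255 and any IP multicast address."""
    ip = ipaddress.IPv4Address(raw)
    return ip.is_unspecified or ip.is_multicast or ip == BROADCAST_IP

def validate_arp(frame: bytes) -> list:
    """Return the names of the packet validation checks the frame fails."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte IPv4-over-Ethernet ARP
        return ["malformed"]
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (ethertype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        return ["malformed"]
    if oper not in (ARP_REQUEST, ARP_REPLY):
        return ["malformed"]
    failed = []
    # Source MAC: Ethernet source vs. ARP sender MAC, requests and responses.
    if eth_src != sha:
        failed.append("source-mac")
    # Destination MAC: responses only. Assumption: compared with the ARP target MAC.
    if oper == ARP_REPLY and eth_dst != tha:
        failed.append("destination-mac")
    # IP addresses. Assumption: sender IP always, target IP in responses only.
    if bad_ip(spa) or (oper == ARP_REPLY and bad_ip(tpa)):
        failed.append("ip-address")
    return failed

def build_frame(eth_dst, eth_src, oper, sha, spa, tha, tpa) -> bytes:
    """Build a constructed Ethernet/ARP frame from text MACs and IPs."""
    def mac(s): return bytes.fromhex(s.replace(":", ""))
    def ip(s): return ipaddress.IPv4Address(s).packed
    return (struct.pack("!6s6sH", mac(eth_dst), mac(eth_src), 0x0806)
            + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                          mac(sha), ip(spa), mac(tha), ip(tpa)))

# Constructed sample frames (documentation MAC and IP ranges).
A, B, C = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
GOOD_REPLY = build_frame(A, B, ARP_REPLY, B, "192.0.2.10", A, "192.0.2.1")
MAC_MISMATCH = build_frame(A, C, ARP_REPLY, B, "192.0.2.10", A, "192.0.2.1")
ZERO_SENDER = build_frame("ff:ff:ff:ff:ff:ff", B, ARP_REQUEST, B, "0.0.0.0",
                          "00:00:00:00:00:00", "192.0.2.1")
```

A frame that passes all three checks can still carry a false IP-to-MAC mapping; that case is covered by the DHCP snooping binding database and access control rules mentioned in the note under Step 3, not by packet validation.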