Configuration of Address Resolution Protocol (ARP) Access Control and Access Control Rules on Sx500 Series Stackable Switches

Available Languages

Download Options

  • PDF     (351.7 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (400.5 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (171.4 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:December 11, 2018
Document ID:SMB3089

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Configuration of Address Resolution Protocol (ARP) Access Control and Access Control Rules on Sx500 Series Stackable Switches

Objective

Address Resolution Protocol (ARP) allows you to map an IP address to a MAC address. An attacker can perform a man-in-the-middle attack on the hosts, switches, and routers that are connected to a Layer 2 network through the means of interception of the traffic directed to other hosts. This causes the traffic that flows from the device which was attacked to flow through the computer of the attacker, and then through the routers, switch and host. The attacker, who is in the middle of the communication, can read the data in the packets and then forward it to the destination. ARP Inspection is applied only on untrusted interfaces.

This article explains the steps to add entries to the ARP Inspection table in Sx500 Series Stackable Switches.

Applicable Devices

• Sx500 Series Stackable Switches

Software Version

• 1.3.0.62

Configuration of Access Control and Access Control Rules

Step 1. Log in to the web configuration utility, and choose Security > ARP Inspection > ARP Access Control. The ARP Access Control page opens:

Step 2. Click Add to add an entry. The Add ARP Access Control window appears.

Step 3. Enter the name created by the user in the ARP Access Control Name field.

Step 4. Enter the IP address of the device in the IP Address field.

Step 5. Enter the MAC address of the device in the MAC Address field.

Step 6. Click Apply.

Step 7. Click the ARP Access Control Rules button. This button opens the ARP Access Control Rules page. This page shows the Access Control rules that are already configured and is used to add more rules to the previously created ARP Access Control group.

Step 8. Click Add to add more rules to the Access Control group. The Add ARP Access Control Rules window appears.

Step 9. Choose an Access Control Group from the ARP Access Control Name drop-down list.

Step 10. Enter the IP address of the packet in the IP Address field.

Step 11. Enter the MAC address of the device in the MAC Address field.

Step 12. (Optional) To delete an entry, check the desired ARP Access Control Name and click Delete.

Step 13. Click Apply to update the running configuration file.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco