ARP Inspection VLAN Settings
Use the VLAN Settings page to enable ARP Inspection on VLANs. In the Enabled VLAN table, users assign static ARP Inspection lists to enabled VLANs. When a packet passes through an untrusted interface that is enabled for ARP Inspection, the switch performs the following checks in order:
-
Determines if the packet’s IP address and MAC address exist in the static ARP Inspection list. If the addresses match, the packet passes through the interface.
-
If the switch does not find a matching IP address, but DHCP Snooping is enabled on the VLAN, the switch checks the DHCP Snooping database for the IP address-VLAN match. If the entry exists in the DHCP Snooping database, the packet passes through the interface.
-
If the packet’s IP address is not listed in the ARP Inspection list or the DHCP Snooping database, the switch rejects the packet.
To define ARP Inspection on VLANs, complete the following steps:
Procedure
| Step 1 | Click Security > ARP Inspection > VLAN Settings. |
| Step 2 | Select the VLANs from the Available VLANs column and add them to the Enabled VLANs column. |
| Step 3 | Click Apply. ARP Inspection settings are applied on the selected VLANs, and the Running Configuration is updated. |