Computer and IT knowledge - things to know

ArubaCX - how to improve arp security by using arp inspection?

ArubaCx - how to improve arp security by using arp inspection?

###################################
How to enable security / arp inspection on vlan 1 ?
- Turn on dhcpv4-snooping
- Turn on arp inspection
###################################
6100(config)# dhcpv4-snooping

6100(config)# vlan 1
6100(config-vlan-1)# dhcpv4-snooping
6100(config-vlan-1)# arp inspection
6100(config-vlan-1)# exit

6100(config)# interface 1/1/12
6100(config-if)# description uplink
6100(config-if)# arp inspection trust
6100(config-if)# exit


###################################
##monitor commands
###################################
6100# show arp summary
ARP Entry's State IPv4
----------------------------------------
Number of Reachable ARP entries 2
Number of Stale ARP entries 0
Number of Failed ARP entries 0
Number of Incomplete ARP entries 0
Number of Permanent ARP entries 0
----------------------------------------
Total ARP Entries 2
----------------------------------------



6100# show arp inspection statistics vlan 1
-----------------------------------------------------------------
VLAN Name Forwarded Dropped
-----------------------------------------------------------------
1 DEFAULT_VLAN_1 1238 3742


6100# show arp inspection interface
-----------------------------------------------------------------
Interface Trust-State
-----------------------------------------------------------------
1/1/1 Untrusted
1/1/2 Untrusted
1/1/3 Untrusted
1/1/4 Untrusted
1/1/5 Untrusted
1/1/6 Untrusted
1/1/7 Untrusted
1/1/8 Untrusted
1/1/9 Untrusted
1/1/10 Untrusted
1/1/11 Untrusted
1/1/12 Trusted
1/1/13 Untrusted
1/1/14 Untrusted
1/1/15 Untrusted
1/1/16 Untrusted
-----------------------------------------------------------------



6100# show dhcpv4-snooping
6100# show dhcpv4-snooping binding

###################################
##debug
###################################
6100(config)# debug destination console
6100(config)# debug arp inspection
6100(config)# no debug all

##read more:
https://kb.netgear.com/de/21808/Was-ist-dynamische-ARP-Inspektion-DAI-und-wie-funktioniert-es-mit-meinem-Managed-Switch?language=de

computer2know :: thank you for your visit :: have a nice day :: © 2024