Source Address Validation - Dell Force10 C150 Configuration Manual

View the number of entries in the ARP database with the
Figure 13-8. Command example:
FTOS#show arp inspection database
Protocol Address
----------------------------------------------------------------------------
Internet 10.1.1.251
Internet 10.1.1.252
Internet 10.1.1.253
Internet 10.1.1.254
FTOS#
show arp inspection statistics
Use
processed.
Figure 13-9. Command example:
FTOS#show arp inspection statistics
Dynamic ARP Inspection (DAI) Statistics
---------------------------------------
Valid ARP Requests
Valid ARP Replies
Invalid ARP Requests
Invalid ARP Replies
FTOS#
Bypass the ARP Inspection
You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in
multi-switch environments. ARPs received on trusted ports bypass validation against the binding table. All
ports are untrusted by default.
Task
Specify an interface as trusted so that ARPs are not
validated against the binding table.
FTOS Behavior: Introduced in FTOS version 8.2.1.0, Dynamic ARP Inspection (DAI) was available for
Layer 3 only. FTOS version 8.2.1.1 extends DAI to Layer 2.

Source Address Validation

Using the DHCP binding table, FTOS can perform three types of source address validation (SAV):
• IP Source Address Validation on page 328
have been validated against the DHCP binding table.
show arp inspection database
Age(min) Hardware Address
- 00:00:4d:57:f2:50
- 00:00:4d:57:e6:f6
- 00:00:4d:57:f8:e8
- 00:00:4d:69:e8:f2
command to see how many valid and invalid ARP packets have been
show arp inspection database
: 0
: 1000
: 1000
: 0
Command Syntax
arp inspection-trust
prevents IP spoofing by forwarding only IP packets that
show arp inspection database
Interface VLAN
Gi 0/2 Vl 10
Gi 0/1 Vl 10
Gi 0/3 Vl 10
Te 0/50 Vl 10
Dynamic Host Configuration Protocol | 327
command.
CPU
CP
CP
CP
CP
Command Mode
INTERFACE