Contents
xvii
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Configuring Port Security on an Interface 30-4
Configuring Trunk Port Security 30-7
Configuring Port Security Aging 30-9
Displaying Port Security Settings 30-11
CHAPTER
31 Configuring DHCP Snooping and IP Source Guard 31-1
Overview of DHCP Snooping 31-1
Overview of the DHCP Snooping Database Agent 31-2
Configuring DHCP Snooping on the Switch 31-3
Default Configuration for DHCP Snooping 31-3
Enabling DHCP Snooping 31-4
Enabling DHCP Snooping on Aggregration Switch 31-5
Enabling DHCP Snooping on Private VLAN 31-6
Enabling the DHCP Snooping Database Agent 31-6
Configuration Examples for the Database Agent 31-7
Displaying DHCP Snooping Information 31-10
Displaying a Binding Table 31-10
Displaying the DHCP Snooping Configuration 31-11
Overview of IP Source Guard 31-11
Configuring IP Source Guard on the Switch 31-12
Configuring IP Source Guard on Private VLANs 31-13
Displaying IP Source Guard Information 31-13
Displaying IP Source Binding Information 31-14
CHAPTER
32 Understanding and Configuring Dynamic ARP Inspection 32-1
Overview of Dynamic ARP Inspection 32-1
ARP Cache Poisoning 32-2
Purpose of Dynamic ARP Inspection 32-2
Interface Trust State, Security Coverage and Network Configuration 32-3
Relative Priority of Static Bindings and DHCP Snooping Entries 32-4
Logging of Dropped Packets 32-4
Rate Limiting of ARP Packets 32-4
Port Channels and Their Behavior 32-4
Configuring Dynamic ARP Inspection 32-5
Configuring Dynamic ARP Inspection in DHCP Environments 32-5
Configuring ARP ACLs for Non-DHCP Environments 32-10
Configuring the Log Buffer 32-14
Limiting the Rate of Incoming ARP Packets 32-16