Enhancements
Release M.10.35 Enhancements
• If a binding is invalid, the switch drops the packet, preventing other network devices from receiving the invalid
DHCP snooping intercepts and examines DHCP packets received on switch ports before forwarding the packets. DHCP packets are checked against a database of DHCP binding information. Each binding consists of a client MAC address, port number, VLAN identifier, leased IP address, and lease time. The DHCP binding database is used to validate packets by other security features on the switch.
If you have already enabled DHCP snooping on a switch, you may also want to add static
■ Supports additional checks to verify source MAC address, destination MAC address, and IP address.
ARP packets that contain invalid IP addresses or MAC addresses in their body that do not match the addresses in the Ethernet header are dropped.
When dynamic ARP protection is enabled, only ARP request and reply packets with valid
Dynamic ARP protection is implemented in the following ways on a switch:
■ You can configure dynamic ARP protection only from the CLI; you cannot configure this feature from the web or menu interfaces.
■ Line
■ The SNMP MIB,
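
The validation described above (an ARP packet checked against the DHCP binding database, plus the additional source MAC, destination MAC and IP checks) can be modeled as follows. This is an added Python example, not ProCurve code: the function names, reason strings, the definition of an "invalid" IP address, the expiry representation of lease time, and all sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:  # the binding fields the page lists
    mac: bytes
    port: int
    vlan: int
    ip: ipaddress.IPv4Address
    expires: float  # assumption: lease time stored as an absolute expiry

def bad_ip(ip):
    # Assumption: "invalid" = unspecified, multicast, or reserved/broadcast.
    return ip.is_unspecified or ip.is_multicast or ip.is_reserved

def check_arp(frame, port, vlan, bindings, now, extra=True):
    """Return (forward, reason) for an untagged Ethernet frame received on port/vlan."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return False, "not-arp"
    eth_dst, eth_src = frame[0:6], frame[6:12]
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return False, "malformed"
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    spa, tpa = ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)
    if extra:  # the optional header/body consistency checks
        if sha != eth_src:
            return False, "src-mac"
        if op == 2 and tha != eth_dst:
            return False, "dest-mac"
        if bad_ip(spa) or (op == 2 and bad_ip(tpa)):
            return False, "ip"
    b = bindings.get(spa)  # sender IP must be a live lease for this MAC, port and VLAN
    if b is None or b.expires <= now or (b.mac, b.port, b.vlan) != (sha, port, vlan):
        return False, "no-binding"
    return True, "ok"

def build_arp(eth_src, eth_dst, op, sha, spa, tha, tpa):
    """Build a sample ARP frame (constructed test data, not captured traffic)."""
    pack = lambda s: ipaddress.IPv4Address(s).packed
    return (eth_dst + eth_src + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + sha + pack(spa) + tha + pack(tpa))

# Constructed sample binding: one client leased 10.0.1.20 on port 5, VLAN 10.
CLIENT, OTHER, BCAST = bytes.fromhex("001122334455"), bytes.fromhex("00aabbccddee"), b"\xff" * 6
BINDINGS = {ipaddress.IPv4Address("10.0.1.20"):
            Binding(CLIENT, 5, 10, ipaddress.IPv4Address("10.0.1.20"), expires=4600.0)}
```

With `extra=False`, a frame whose ARP body names the leased MAC but whose Ethernet source differs still passes the binding lookup, which is the gap the additional source MAC check closes.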
Enabling Dynamic ARP Protection
To enable dynamic ARP protection for VLAN traffic on a routing switch, enter the arp protect vlan command at the global configuration level.
Syntax: [no] arp protect vlan
An example of the arp protect vlan command is shown here:
ProCurve(config)# arp protect vlan