Gateway Security

Unanswered Question
Sep 8th, 2008
User Badges:

I want security configure of a switch-link to the gateway. what is the correct configuration?

- ip arp inspection ?

- ip source binding ?

The IP address with the MAC address of the gateway must be sure.

What must I all configure?

all the best


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marwan ALshawi Mon, 09/08/2008 - 04:30
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015


ip arp inspection relies on the entries in the DHCP snooping binding database to

verify IP-to-MAC address bindings. Configure each secure interface as trusted using the

ip arp inspection trust interface configuration command. The trusted interfaces bypass

the ARP inspection validation checks, and all other packets are subject to inspection when

they arrive on untrusted interfaces.

In non-DHCP environments, because there is no DHCP snooping binding database, the

DAI can validate ARP packets against a user-defined ARP ACL to map hosts with a

statically configured IP address to their MAC address, so this one aplly on ur case !!

Use the arp access-list [acl-name] command from the global configuration mode on

the switch to define an ARP ACL and apply the ARP ACL to the specified VLANs on the


have a look at the following example, which configure an ARP ACL to permit ARP packets from host IP

address with MAC address 0011.0011.0011 and how to apply this ACL to VLAN 5

with the interface configured as untrusted

Switch(config)# arp access-list arpacl

Switch(config-arp-acl)# permit ip host mac host 0011.0011.0011

Switch(config-arp-acl)# exit

Switch(config)# ip arp inspection filter arpacl vlan 5

Switch(config)# interface GigabitEthernet1/0/2

Switch(config-if)# no ip arp inspection trust

i think this will solve ur issue :)

good luck

if helpful Rate


This Discussion