<br /> The switch , configured with above option, will inspect all arp packets( i think frame would be better term as arp works on layer 2 ) arriving on an untrusted port.
<br />1) why does switch have to check all arp packets , what's the point checking arp req? checking arp reply makes complete sense because by doing so , switch prevents host getting wrong mapping between mac and ip in arp table.
<br />Unless we have configued" ip arp inspection validate " command, I don't see any reason for a switch to intercept and inspect arp requests.
<br />2) The command '" ip arp inspection validate" ( quote from my book)
<br />" check the sender's ip address in all arp request., check the sender's ip address against the target ip address in all arp replies."
<br />Here is what i understand, check the source ip address in ip header against sender(source) the ip address in SHA feild of arp request.
<br />check the ip address in" arp target ip address" feild in arp reply against the previously inspected arp request' ip address in sender feild"
<br />Becaus if i take the cisco book literally, it is impossible to match sender ip against the target ip in arp reply message. Because sender ip is the ip address of sender(sender of the reply) and target ip is the ip address of destination in arp reply.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.