Cisco Support Community

Gateway Security

I want to configure security on a switch link to the gateway. What is the correct configuration?

- ip arp inspection ?

- ip source binding ?

The IP address with the MAC address of the gateway must be secure.

What do I need to configure?

All the best



Re: Gateway Security


ip arp inspection relies on the entries in the DHCP snooping binding database to verify IP-to-MAC address bindings. Configure each secure interface as trusted using the ip arp inspection trust interface configuration command. The trusted interfaces bypass the ARP inspection validation checks, and all other packets are subject to inspection when they arrive on untrusted interfaces.

In non-DHCP environments, because there is no DHCP snooping binding database, the DAI can validate ARP packets against a user-defined ARP ACL to map hosts with a statically configured IP address to their MAC address, so this one applies in your case!!

Use the arp access-list [acl-name] command from the global configuration mode on the switch to define an ARP ACL and apply the ARP ACL to the specified VLANs on the


Have a look at the following example, which configures an ARP ACL to permit ARP packets from host IP address with MAC address 0011.0011.0011 and shows how to apply this ACL to VLAN 5 with the interface configured as untrusted:

Switch(config)# arp access-list arpacl
Switch(config-arp-acl)# permit ip host mac host 0011.0011.0011
Switch(config-arp-acl)# exit
Switch(config)# ip arp inspection filter arpacl vlan 5
Switch(config)# interface GigabitEthernet1/0/2
Switch(config-if)# no ip arp inspection trust

I think this will solve your issue :)

Good luck

If helpful, rate
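
The check order described in the reply above, modelled in Python as an added example (not part of the original thread and not Cisco code): trusted ports bypass validation, and on untrusted ports the sender IP/MAC pair must match an ARP ACL permit entry or, failing that, a DHCP snooping binding. The gateway IP 192.0.2.1, the port Gi1/0/5, the second MAC address and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def norm(mac):
    """Canonicalise a MAC (dotted, colon or dash form) to 12 lowercase hex digits."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

@dataclass(frozen=True)
class Arp:
    vlan: int
    port: str
    sender_ip: str
    sender_mac: str

@dataclass
class Switch:
    dai_vlans: set = field(default_factory=set)      # VLANs with DAI enabled
    trusted_ports: set = field(default_factory=set)  # "ip arp inspection trust" ports
    arp_acl: dict = field(default_factory=dict)      # vlan -> {(ip, mac)} permit entries
    snooping: set = field(default_factory=set)       # {(vlan, ip, mac)} DHCP bindings

    def inspect(self, pkt):
        """Return (verdict, reason) for one ARP packet."""
        if pkt.vlan not in self.dai_vlans:
            return "forward", "DAI not enabled on this VLAN"
        if pkt.port in self.trusted_ports:
            return "forward", "trusted port: validation bypassed"
        pair = (pkt.sender_ip, norm(pkt.sender_mac))
        if pair in self.arp_acl.get(pkt.vlan, set()):
            return "forward", "matched ARP ACL permit entry"
        if (pkt.vlan, *pair) in self.snooping:
            return "forward", "matched DHCP snooping binding"
        return "drop", "no IP-to-MAC binding for sender"

# Constructed sample data: the gateway IP is a placeholder (the thread omits it);
# the MAC and VLAN 5 are the values used in the reply.
GW_IP, GW_MAC = "192.0.2.1", "0011.0011.0011"
ACL = {5: {(GW_IP, norm(GW_MAC))}}

def demo():
    sw = Switch(dai_vlans={5}, arp_acl=ACL)
    genuine = Arp(5, "Gi1/0/2", GW_IP, "00:11:00:11:00:11")
    forged = Arp(5, "Gi1/0/5", GW_IP, "0022.0022.0022")  # gateway IP, wrong MAC
    verdicts = [sw.inspect(genuine)[0], sw.inspect(forged)[0]]
    # Same forged packet, but its ingress port was (wrongly) marked trusted.
    lax = Switch(dai_vlans={5}, trusted_ports={"Gi1/0/5"}, arp_acl=ACL)
    verdicts.append(lax.inspect(forged)[0])
    return verdicts

if __name__ == "__main__":
    print(demo())
```

The third verdict shows why only ports that really need it should carry ip arp inspection trust: a trusted port is never checked against the gateway's binding.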
