cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1300
Views
0
Helpful
1
Replies

IP ARP Inspection in non-DHCP environment

Hi,

I have implemented "arp inspection" on LAN. We have around thousand users in VLAN 100 (diagram attached) and the reason I have implemented "arp inspection" besides arp spoofing to bound clients/users to not change their ip addresses and machines/mac-addresses.

In ARP INSPECTION ACL I have added clients who are behind the router and bind them against single mac-address. (I hope diagram will help you to understand the scenario).

At my end (in real scenario) ARP ACL performing perfectly for those who are in VLAN 100, but performaing abnormally with those who are behind the router.I have not added those clients in ARP ACL but still those clients are working fine.

My question is, does users (behind the router) must be required to added in ARP ACL? In my lab it blocked all the traffic of those clients who are behind the router until I need to added them in ARP ACL.

I am using 3550 with "c3550-ipservicesk9-mz.122-25.SEB4.bin".

Please feel free to ask if you have any query

Many thanks in advance.

Best Regards,

Arsalan

1 Reply 1

Please reply.

Regards,

Arsalan

Review Cisco Networking for a $25 gift card