Managing Device Security
423
ProSafe M5300 Switch
3. Use Logging Invalid Packets to indicate whether the Dynamic ARP Inspection logging is
enabled on this VLAN. If this object is set to 'Enable' it will log the Invalid ARP Packets
information. If this object is set to 'Disable', Dynamic ARP Inspection logging is disabled.
4. Use ARP ACL Name to specify a name for the ARP Access list. A VLAN can be configured
to use this ARP ACL containing rules as the filter for ARP packet validation. The name can
contain up to <1-31> alphanumeric characters.
5. Use Static Flag to determine whether the ARP packet needs validation using the DHCP
snooping database in case ARP ACL rules don't match. If the flag is enabled then the ARP
Packet will be validated by the ARP ACL Rules only. If the flag is disabled then the ARP
Packet needs further validation by using the DHCP Snooping entries. The factory default is
disable.
DAI Interface Configuration
To display the DAI Interface Configuration page, click Security Control> Dynamic ARP
Inspection
DAI Interface Configuration.
To configure DAI interface settings:
1. Select the check box associated with each Interface to configure. Select the check box in
the heading row to apply the same settings to all interfaces. \
2. Use Trust Mode to indicate whether the interface is trusted for Dynamic ARP Inspection
purpose. If this object is set to 'Enable', the interface is trusted. ARP packets coming to this
interface will be forwarded without checking. If this object is set to 'Disable', the interface is
not trusted. ARP packets coming to this interface will be subjected to ARP inspection. The
factory default is disable.
3. Use Rate Limit (pps) to specify rate limit value for Dynamic ARP Inspection purpose. If the
incoming rate of ARP packets exceeds the value of this object for consecutively burst
interval seconds, ARP packets will be dropped. If this value is None there is no limit. The
factory default is 15pps (packets per second).
4. Use Burst Interval (secs) to specify the burst interval value for rate limiting purpose on this
interface. If the rate limit is None burst interval has no meaning shows it as N/A. The factory
default is 1 second.