Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

ARP Protection Enabled : No

James R. Marcus
Occasional Visitor

ARP Protection Enabled : No

Hi,
Question: How do I enable arp-protection?

I have been reading the Hardening ProCurve Switches and the Access Security Guide document in order to implement dynamic ARP protection. I have setup one port to be trusted, as well as dhcp-snooping:

no stack
dhcp-snooping
dhcp-snooping authorized-server 10.10.200.8
dhcp-snooping authorized-server 10.10.200.16
dhcp-snooping vlan 1

However it seems that maybe my syntax for arp-protect maybe incorrect or I have an old version of the OS.
Here are the commands I ran for arp-protect:
I only have one VLAN and I ran this command.

arp-protect vlan 1
arp-protect trust ethernet 4
arp-protect validate src-mac dst-mac

Here is the output of sh arp-protect, which shows ARP Protection as Disabled:

as-cam-poe# sh arp-protect

ARP Protection Information

ARP Protection Enabled : No
Protected Vlans : 1
Validate : source-mac, dest-mac

Port Trust
----- -----
1 No
2 No
3 No
4 Yes
(Output truncated)

as-cam-poe# show version
Image stamp: /sw/code/build/btm(t2a)
May 29 2007 16:54:17
K.12.16
159
Boot Image: primary


Just one final note. This is my only ProCurve switch, I'm a Cisco user so if I'm making an obviously stupid mistake please bear with me.
2 REPLIES
James R. Marcus
Occasional Visitor

Re: ARP Protection Enabled : No

I guess I just needed to run:
as-cam-poe(config)# arp-protect enable
Invalid input: enable
as-cam-poe(config)# arp-protect
as-cam-poe(config)#
as-cam-poe# wr mem
as-cam-poe# sh arp-protect

ARP Protection Information

ARP Protection Enabled : Yes
Protected Vlans : 1
Validate : source-mac, dest-mac

James R. Marcus
Occasional Visitor

Re: ARP Protection Enabled : No

Run arp-protect without any additional arguments.