Question about ARP attack protection and DHCP snooping
1. ARP attack protection:
Does ARP attack protection have to be activated simultaneously for an interface and the VLAN active on it in order to take effect? Manual Page 205: Figure 166. (Interface) + Figure 169. (VLAN)
Example: Interfaces 10-20 are untagged VLAN 30 for direct client connection
Does ARP Attack Protection have to be activated for interfaces 10-20 and for VLAN 30 for it to take effect?
(ARP attack protection activated globally)
2. if I connect a PC with a fixed IP address (no DHCP) to the interfaces 10-20, it does not receive network access and is blocked by ARP Attack Protection.
Am I right in assuming that this happens because ARP Attack Protection looks for the IP address in the DHCP snooping database? If the DHCP server has never assigned this IP, the IP is not in the database and ARP Attack Protection will drop the traffic, correct?
3. is the right solution here to create ARP access control rules (IP+MAC) for devices with a fixed IP address (printers or specific computers) and associate them with the vlan?
thanks in advance! :)
------------------------------
LO ipro
------------------------------