User Guide for the Cisco Application Networking Manager 5.2, OL-26572-01, page 12-13
Chapter 12: Configuring Network Access
Configuring Virtual Context VLAN Interfaces

Table 12-1 VLAN Interface Attributes (continued)

Field: ARP Inspection Type
Description: Type of ARP inspection, which prevents malicious users from impersonating other hosts or routers, known as ARP spoofing. ARP spoofing can enable a “man-in-the-middle” attack. For example, a host sends an ARP request to the gateway router. The gateway router responds with the gateway router MAC address.

By default, ARP inspection is disabled on all interfaces, allowing all ARP packets through the ACE. When you enable ARP inspection, the ACE appliance uses the IP address and interface ID (ifID) of an incoming ARP packet as an index into the ARP table. ARP inspection operates only on ingress bridged interfaces.

Note: If ARP inspection fails, then the ACE does not perform source MAC validation.

Choices are as follows:
• N/A—ARP inspection is disabled.
• Flood—Enables ARP forwarding of nonmatching ARP packets. The ACE appliance forwards all ARP packets to all interfaces in the bridge group. This setting is the default. In the absence of a static ARP entry, this option bridges all packets.
• No Flood—Disables ARP forwarding for the interface and drops nonmatching ARP packets. In the absence of a static ARP entry, this option does not bridge any packets.

Field: UDP Config Commands
Description: UDP boost command options:
• N/A—Not applicable.
• IP Destination Hash—Performs destination IP hash during connection.
• IP Source Hash—Performs source IP hash during connection lookup.
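
The following added example is a simplified Python model of the three ARP Inspection Type choices in Table 12-1. It is not Cisco code or ACE configuration. The addresses, the `vlan100` interface ID, and the rule that a packet whose MAC differs from a matching static entry is dropped are assumptions made for illustration.

```python
from enum import Enum

class Mode(Enum):
    NA = "N/A"             # ARP inspection disabled
    FLOOD = "Flood"        # nonmatching ARP packets are forwarded to the bridge group
    NO_FLOOD = "No Flood"  # nonmatching ARP packets are dropped

def inspect_arp(static_arp, mode, sender_ip, if_id, sender_mac):
    """Model verdict for one ingress ARP packet: 'pass', 'flood' or 'drop'."""
    if mode is Mode.NA:
        return "pass"                           # disabled: every ARP packet goes through
    entry = static_arp.get((sender_ip, if_id))  # index: IP address + interface ID
    if entry is None:                           # nonmatching packet
        return "flood" if mode is Mode.FLOOD else "drop"
    # Assumption (not stated on this page): on an index hit, the packet's MAC
    # must equal the static entry's MAC, otherwise inspection fails.
    return "pass" if entry.lower() == sender_mac.lower() else "drop"

# Constructed sample data (documentation address ranges, hypothetical ifID).
STATIC_ARP = {("192.0.2.1", "vlan100"): "00:00:5e:00:53:01"}  # gateway router
PACKETS = {
    "gateway_genuine": ("192.0.2.1", "vlan100", "00:00:5e:00:53:01"),
    "gateway_spoofed": ("192.0.2.1", "vlan100", "00:00:5e:00:53:66"),
    "host_no_entry":   ("192.0.2.50", "vlan100", "00:00:5e:00:53:50"),
}

def verdicts(mode, static_arp=STATIC_ARP):
    """Run every sample packet through the model for one inspection type."""
    return {name: inspect_arp(static_arp, mode, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for mode in Mode:
        print(mode.value, verdicts(mode))
    # With no static entry for the gateway, Flood cannot catch the spoofed reply.
    print("Flood, empty table", verdicts(Mode.FLOOD, static_arp={}))
```

The last call shows why the static ARP entry matters: under Flood with no entry for the gateway, the spoofed packet is treated as nonmatching and bridged like any other.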