

Preventing ARP spoofing attacks with Dynamic ARP inspection (DAI)


Dynamic ARP Inspection (DAI) is a switch feature that can be used to prevent ARP spoofing attacks. When enabled, DAI verifies IPv4 address to MAC address bindings, using the DHCP snooping binding database to validate them. DAI inspects ARP packets only on untrusted ports; if a packet arriving on an untrusted port carries a binding that does not match, DAI discards it as a spoofed ARP packet.

Dynamic ARP Inspection (DAI) can be enabled globally, per VLAN, using the command "ip arp inspection vlan <vlan-id>". By default, all ports are untrusted. To configure a port as trusted, use the command "ip arp inspection trust" at the interface level.
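
The forwarding decision described above can be modelled in a few lines. This is an added example, not code from the original page or from any switch vendor: the binding table, port names, addresses and the function names make_arp, parse_sender and inspect are all constructed for illustration, and the model checks only the IP-to-MAC binding within a VLAN.

```python
import socket
import struct

# Constructed stand-in for the DHCP snooping binding database: (vlan, ip) -> mac.
BINDINGS = {
    (500, "192.0.2.10"): "00:11:22:33:44:55",
    (500, "192.0.2.20"): "00:11:22:33:44:66",
}
INSPECTED_VLANS = {500}    # VLANs configured with "ip arp inspection vlan <vlan-id>"
TRUSTED_PORTS = {"Gi0/0"}  # ports configured with "ip arp inspection trust"
ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte Ethernet/IPv4 ARP payload


def make_arp(op, sender_mac, sender_ip, target_ip):
    """Build a constructed ARP payload (op 1 = request, 2 = reply)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       socket.inet_aton(sender_ip), b"\x00" * 6,
                       socket.inet_aton(target_ip))


def parse_sender(payload):
    """Return (sender_mac, sender_ip) claimed inside the ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return sha.hex(":"), socket.inet_ntoa(spa)


def inspect(port, vlan, payload):
    """Return 'forward' or 'drop' for an ARP packet received on port/vlan."""
    if vlan not in INSPECTED_VLANS or port in TRUSTED_PORTS:
        return "forward"  # inspection does not apply to this packet
    try:
        mac, ip = parse_sender(payload)
    except ValueError:
        return "drop"  # model choice: unparseable ARP is not forwarded
    # Forward only when the claimed IP has a binding with the same MAC.
    return "forward" if BINDINGS.get((vlan, ip)) == mac else "drop"


if __name__ == "__main__":
    spoof = make_arp(2, "00:11:22:33:44:66", "192.0.2.10", "192.0.2.1")
    for port in ("Gi0/2", "Gi0/0"):
        print(port, inspect(port, 500, spoof))
```

The same spoofed reply is dropped on the untrusted port and forwarded on the trusted one, because trusted ports are not inspected. A sender IP with no entry in the binding table is dropped as well.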

How to enable Dynamic ARP Inspection (DAI) on a specific VLAN


OmniSecuSW1#configure terminal
OmniSecuSW1(config)#ip arp inspection vlan 500


How to configure a switch port as trusted


OmniSecuSW1#configure terminal
OmniSecuSW1(config)#interface gigabitethernet 0/0
OmniSecuSW1(config-if)#ip arp inspection trust
              Jajish Thomason Google+