Preventing ARP spoofing attacks with Dynamic ARP inspection (DAI)

Dynamic ARP Inspection (DAI) is a switch feature that prevents ARP spoofing attacks. When enabled, DAI verifies the IPv4 address to MAC address bindings carried in ARP packets, using the DHCP snooping binding database to validate them. DAI inspects only ARP packets received on untrusted ports. If a binding mismatch is found on an untrusted port, DAI discards the spoofed ARP packet.

Dynamic ARP Inspection (DAI) is enabled per VLAN from global configuration mode, using the command "ip arp inspection vlan <vlan-id>". By default, all ports are untrusted. To configure a port as trusted, use the command "ip arp inspection trust" at the interface level.

How to enable Dynamic ARP Inspection (DAI) on a specific VLAN

 

OmniSecuSW1#configure terminal
OmniSecuSW1(config)#ip arp inspection vlan 500
OmniSecuSW1(config)#exit
OmniSecuSW1#

 

How to configure a switch port as trusted

 

OmniSecuSW1#configure terminal
OmniSecuSW1(config)#interface gigabitethernet 0/0
OmniSecuSW1(config-if)#ip arp inspection trust
OmniSecuSW1(config-if)#exit
OmniSecuSW1(config)#exit
OmniSecuSW1#
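
The following is an added example, not part of the original tutorial and not Cisco's implementation: a simplified Python model of the decision DAI makes for each ARP packet, using VLAN 500 and gigabitethernet 0/0 from the configurations above. The binding table, addresses, the port name Gi0/1, and the choice to drop malformed packets are assumptions made for the demonstration.

```python
import socket
import struct

# Constructed DHCP snooping binding table: (vlan, IPv4) -> MAC learned via DHCP.
BINDINGS = {
    (500, "10.0.50.10"): "00:11:22:33:44:55",
    (500, "10.0.50.1"): "00:aa:bb:cc:dd:01",
}
DAI_VLANS = {500}          # VLANs with "ip arp inspection vlan <vlan-id>"
TRUSTED_PORTS = {"Gi0/0"}  # ports with "ip arp inspection trust"


def parse_arp(payload: bytes):
    """Return (sender_mac, sender_ip) from a 28-byte Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = ":".join(f"{b:02x}" for b in payload[8:14])
    return mac, socket.inet_ntoa(payload[14:18])


def inspect(port: str, vlan: int, payload: bytes) -> str:
    """Model of the DAI decision for one ARP packet: 'forward' or 'drop'."""
    if vlan not in DAI_VLANS or port in TRUSTED_PORTS:
        return "forward"   # DAI only inspects untrusted ports in enabled VLANs
    try:
        mac, ip = parse_arp(payload)
    except ValueError:
        return "drop"      # assumption of this model: malformed ARP is dropped
    # Forward only when the sender IP maps to the sender MAC in the binding table.
    return "forward" if BINDINGS.get((vlan, ip)) == mac else "drop"


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build a constructed ARP payload (test input only, never sent anywhere)."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + _mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
            + _mac_bytes(target_mac) + socket.inet_aton(target_ip))


if __name__ == "__main__":
    ok = build_arp(2, "00:11:22:33:44:55", "10.0.50.10", "00:aa:bb:cc:dd:01", "10.0.50.1")
    bad = build_arp(2, "00:de:ad:be:ef:00", "10.0.50.1", "00:11:22:33:44:55", "10.0.50.10")
    for name, port, pkt in [("valid", "Gi0/1", ok), ("mismatch", "Gi0/1", bad), ("mismatch", "Gi0/0", bad)]:
        print(f"{name:9} on {port}: {inspect(port, 500, pkt)}")
```

The last case shows why trust should be limited to ports where inspection is not wanted: a mismatched binding arriving on a trusted port is forwarded without any check.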
              Jajish Thomason Google+