0011.0011 vlan 5 10.1.1.11 interface GigabitEthernet1/0/2
Use the show ip verify source command to display the IP Source Guard configuration and the show ip
source binding command to display the IP source bindings on the switch.
Dynamic ARP Inspection (DAI)
Address Resolution Protocol (ARP) provides IP-to-MAC resolution, mapping a 32-bit IP address to a 48-bit
Ethernet address. ARP operates at Layer 2 (the data-link layer) of the OSI model. It translates the IP address
of the destination host to its MAC address using a lookup table (also known as the ARP cache).
Several types of attacks can be launched against hosts or devices connected to Layer 2 networks by
"poisoning" their ARP caches. A malicious user could poison the ARP caches of connected systems by
broadcasting forged ARP responses and thereby intercept traffic intended for other hosts on the LAN segment.
Several known ARP-based attacks can have a devastating impact on data privacy, confidentiality, and sensitive
information. To block such attacks, the Layer 2 switch must have a mechanism to validate ARP packets and
ensure that only valid ARP requests and responses are forwarded.
Dynamic ARP inspection is a security feature that validates ARP packets in a network.
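The validation idea described above, as an added example that is not from the book or from Cisco's implementation: a simplified model that parses an ARP payload and forwards it only if the sender IP, sender MAC, VLAN and ingress port match a binding entry. The binding table, MAC addresses, short interface names and the helper names (parse_arp, inspect, build_arp) are assumptions constructed for illustration.

```python
import struct

# Constructed binding table (IP -> MAC, VLAN, port) standing in for the switch's
# IP source bindings; the MAC addresses are made up for this example.
BINDINGS = {
    "10.1.1.11": ("00:11:00:11:00:aa", 5, "Gi1/0/2"),
    "10.1.1.12": ("00:11:00:11:00:bb", 5, "Gi1/0/3"),
}

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def parse_arp(payload: bytes) -> dict:
    """Parse a 28-byte Ethernet/IPv4 ARP payload (RFC 826 field layout)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"oper": oper, "sha": _mac(payload[8:14]), "spa": _ip(payload[14:18]),
            "tha": _mac(payload[18:24]), "tpa": _ip(payload[24:28])}

def inspect(payload: bytes, vlan: int, ingress: str, trusted: bool = False) -> str:
    """Return 'forward' or 'drop:<reason>' for an ARP packet seen on a port."""
    if trusted:  # packets arriving on trusted ports bypass validation
        return "forward"
    try:
        arp = parse_arp(payload)
    except ValueError as exc:
        return f"drop:{exc}"
    binding = BINDINGS.get(arp["spa"])
    if binding is None:
        return "drop:no binding for sender IP"
    if binding != (arp["sha"], vlan, ingress):
        return "drop:sender MAC/VLAN/port mismatch"
    return "forward"

def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Build a constructed ARP payload to feed the checker with sample input."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(o) for o in a.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))
```

A reply whose sender IP is 10.1.1.11 but whose sender MAC or ingress port differs from the binding is dropped, which is the case a poisoned ARP cache depends on.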