Dynamic ARP Inspection; Figure 3-84. DHCP Option 82 Page - Alcatel OS-LS-6224 User Manual


Dynamic ARP Inspection

Dynamic Address Resolution Protocol (ARP) is a TCP/IP protocol that translates IP addresses into MAC addresses. Dynamic ARP allows the following:
• Permits two hosts on the same network to communicate and send packets.
• Permits two hosts on different networks to communicate via a gateway.
• Permits routers to send packets via a host to a different router on the same network.
• Permits routers to send packets to a destination host via a local host.

ARP Inspection eliminates man-in-the-middle attacks, where false ARP packets are inserted into the subnet. ARP requests and responses are inspected, and their MAC Address to IP Address binding is checked. Packets with invalid ARP Inspection Bindings are logged and dropped. Packets are classified as:
• Trusted — Indicates that the interface IP and MAC address are recognized, and recorded in the ARP Inspection List. Trusted packets are forwarded without ARP Inspection.
• Untrusted — Indicates that the packet arrived from an interface that does not have recognized IP and MAC addresses. The packet is checked for:
  • Source MAC — Compares the packet's source MAC address in the Ethernet header against the sender's MAC address in the ARP request. This check is performed on both ARP requests and responses.
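The following Python example is added here and is not code from the manual or the switch firmware; it models the inspection described above on raw Ethernet/ARP frames: trusted interfaces bypass inspection, while untrusted ones get the Source MAC check and the IP-to-MAC binding lookup. The interface names, the `BINDINGS` list, the `build_frame` helper and the frames it produces are constructed assumptions.

```python
import struct

# Constructed ARP Inspection List (IP -> MAC) and trusted interfaces (assumed names).
BINDINGS = {"192.0.2.10": "00:11:22:33:44:55"}
TRUSTED_PORTS = {"e1"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def build_frame(eth_src, sender_mac, sender_ip, op=2):
    """Build a constructed Ethernet + ARP frame (42 bytes) for the demo."""
    to_b = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = b"\xff" * 6 + to_b(eth_src) + b"\x08\x06"      # dst, src, EtherType ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)     # Ethernet/IPv4, opcode
    arp += to_b(sender_mac) + bytes(map(int, sender_ip.split(".")))
    arp += b"\x00" * 6 + bytes([192, 0, 2, 1])           # target MAC / target IP
    return eth + arp

def inspect(port, frame):
    """Return (verdict, reason); the reason is what a switch would log on a drop."""
    if port in TRUSTED_PORTS:
        return ("forward", "trusted interface")
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return ("drop", "not a complete ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return ("drop", "unsupported ARP header")
    eth_src = mac(frame[6:12])
    sender_mac, sender_ip = mac(frame[22:28]), ip(frame[28:32])
    # Source MAC check: Ethernet header source vs. ARP sender hardware address,
    # applied to both requests (op 1) and responses (op 2).
    if eth_src != sender_mac:
        return ("drop", "source MAC mismatch")
    # Binding check: the sender IP must map to the sender MAC in the list.
    if BINDINGS.get(sender_ip) != sender_mac:
        return ("drop", "invalid IP/MAC binding")
    return ("forward", "binding valid")

if __name__ == "__main__":
    forged = build_frame("aa:bb:cc:dd:ee:ff", "00:11:22:33:44:55", "192.0.2.10")
    print(inspect("e2", forged))
```
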

Figure 3-84. DHCP Option 82 Page
