Dynamic Arp Inspection Commands; Ip Arp Inspection Vlan - NETGEAR GSM7328Sv1 - ProSafe 24+4 Gigabit Ethernet L3 Managed Stackable Switch Cli Manual

Example: The following shows example CLI display output for the command.
(switch) #show ip source binding
MAC Address
-----------------
00:00:00:00:00:08
00:00:00:00:00:09
00:00:00:00:00:0A

Dynamic ARP Inspection Commands

Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP
packets. DAI prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts
traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant
sends ARP requests or responses mapping another station's IP address to its own MAC address.
DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a
binding database of valid {MAC address, IP address, VLAN, and interface} tuples.
When DAI is enabled, the switch drops ARP packets whose sender MAC address and sender IP
address do not match an entry in the DHCP snooping bindings database. You can optionally
configure additional ARP packet validation.

ip arp inspection vlan

Use this command to enable Dynamic ARP Inspection on a list of comma-separated VLAN
ranges.
Default
disabled
Format
ip arp inspection vlan vlan-list
Mode Global Config
no ip arp inspection vlan
Use this command to disable Dynamic ARP Inspection on a list of comma-separated VLAN
ranges.
Switching Commands
IP Address Type
---------------
1.2.3.4
1.2.3.4
1.2.3.4
v1.0, July 2009
Managed Switch CLI Manual, Release 8.0
Vlan
------------- -----
dhcp-snooping
dhcp-snooping
dhcp-snooping
Interface
-------------
2 1/0/1
3 1/0/1
4 1/0/1
3-131