Dynamic Arp Inspection; Dai Global Configuration - Dell PowerConnect 6224 User Manual

Table 7-57. Link Dependency Commands
CLI Command
link-dependency group
add ethernet
add port-channel
depends-on ethernet
depends-on port-channel
show link-dependency

Dynamic ARP Inspection

Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI
prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other
stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP requests
or responses mapping another station's IP address to its own MAC address.
DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a
binding database of valid {MAC address, IP address, VLAN, and interface} tuples.
When DAI is enabled, the switch drops ARP packets whose sender MAC address and sender IP address
do not match an entry in the DHCP snooping bindings database. You can optionally configure additional
ARP packet validation.
The Dynamic ARP Inspection menu page contains links to the following features:
•

DAI Global Configuration

• DAI Interface Configuration
• DAI VLAN Configuration
• DAI ACL Configuration
• DAI ACL Rule Configuration
• DAI Statistics
DAI Global Configuration
Use the DAI Configuration page to configure global DAI settings.
To display the DAI Configuration page, click Switching → Dynamic ARP Inspection → Global
Configuration in the navigation tree.
438
Configuring Switching Information
Description
Enters the link-dependency mode to configure a link-dependency
group.
Adds member Ethernet port(s) to the dependency list.
Adds member port-channels to the dependency list.
Adds the dependent Ethernet ports list.
Adds the dependent port-channels list.
Shows the link dependencies configured on a particular group.