Dynamic Arp Inspection Overview - Dell PowerConnect 5548P System User's Manual


Dynamic ARP Inspection Overview

ARP Inspection eliminates man-in-the-middle attacks, where false ARP
packets are inserted into the subnet. ARP requests and responses are
inspected, and their MAC-address-to-IP-address binding is checked according
to the ARP Inspection List defined by the user (in the Dynamic ARP
Inspection Entries and Dynamic ARP Inspection List pages). If the packet's IP
address was not found in the ARP Inspection List, and DHCP Snooping is
enabled for a VLAN, a search of the DHCP Snooping database is performed.
See "How DHCP Snooping Works" on page 574 for an explanation of the
DHCP Snooping database. If the IP address is found, the packet is valid and is
forwarded.
Packets with invalid ARP Inspection bindings are logged and dropped.
Ports are classified as follows:
Trusted — Packets are not inspected.
Untrusted — Packets are inspected as described above.
The following additional validation checks may be configured by the user:
Source MAC — Compares the packet's source MAC address in the
Ethernet header against the sender's MAC address in the ARP request.
This check is performed on both ARP requests and responses.
Destination MAC — Compares the packet's destination MAC address in
the Ethernet header against the destination interface's MAC address. This
check is performed for ARP responses.
IP Addresses — Compares the ARP body for invalid and unexpected IP
addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast
addresses.

DELL CONFIDENTIAL – PRELIMINARY 9/11/12 - FOR PROOF ONLY
562
Dell PowerConnect 55xx Systems User Guide
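
The decision flow described above, modelled in Python over constructed ARP frames. This is an added example, not Dell firmware or switch CLI; the table contents, the port name and the function names are hypothetical. Two points the text leaves open are treated as assumptions: the validation checks run before the binding lookup, and the Destination MAC check compares the Ethernet destination with the target hardware address in the ARP body.

```python
import ipaddress
import struct

# Constructed sample tables (assumptions, not values from the manual).
ARP_INSPECTION_LIST = {"10.0.0.1": "00:11:22:33:44:01"}  # user-defined static bindings
DHCP_SNOOPING_DB = {"10.0.0.50": "00:11:22:33:44:50"}    # bindings learned by DHCP Snooping
TRUSTED_PORTS = {"uplink"}                               # hypothetical port name

def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Build a raw Ethernet II + ARP (IPv4 over Ethernet) frame as test input."""
    hw = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    header = hw(eth_dst) + hw(eth_src) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return header + arp + hw(sha) + ip(spa) + hw(tha) + ip(tpa)

def inspect_arp(frame, port, dhcp_snooping=True, checks=("src-mac", "dst-mac", "ip")):
    """Return (verdict, reason) for one ARP frame received on `port`."""
    if port in TRUSTED_PORTS:
        return "forward", "trusted port"
    eth_dst, eth_src = _mac(frame[0:6]), _mac(frame[6:12])
    (op,) = struct.unpack("!H", frame[20:22])          # 1 = request, 2 = response
    sha, tha = _mac(frame[22:28]), _mac(frame[32:38])
    spa = ipaddress.IPv4Address(frame[28:32])
    tpa = ipaddress.IPv4Address(frame[38:42])
    # Optional validation checks; running them before the lookup is an assumption.
    if "src-mac" in checks and eth_src != sha:
        return "drop", "source MAC mismatch"
    if "dst-mac" in checks and op == 2 and eth_dst != tha:
        return "drop", "destination MAC mismatch"
    if "ip" in checks:
        for addr in (spa, tpa):
            if addr.is_multicast or int(addr) in (0, 0xFFFFFFFF):
                return "drop", "invalid IP address"
    # Binding lookup: static list first, DHCP Snooping database only if the IP is absent.
    bound = ARP_INSPECTION_LIST.get(str(spa))
    source = "ARP Inspection List"
    if bound is None and dhcp_snooping:
        bound, source = DHCP_SNOOPING_DB.get(str(spa)), "DHCP Snooping database"
    if bound is None:
        return "drop", "no binding for sender IP"
    if bound != sha:
        return "drop", f"MAC does not match {source}"
    return "forward", f"binding found in {source}"
```

A sender IP that is present in the static list with a different MAC is dropped without consulting the DHCP Snooping database, since the text describes the fallback only for addresses not found in the list.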
