Defining Dynamic Arp Inspection - Cisco ESW 500 Administration Manual

Cisco systems switch user manual
Configuring Device Security

Defining Dynamic ARP Inspection

ESW 500 Series Switches Administration Guide

- VLAN — Indicates that DHCP Snooping is not enabled on the VLAN.
- Trusted Port — Indicates the port is a trusted port.
- Resource Problem — Indicates that the TCAM is full.

STEP 4 Define the relevant fields. Click Apply and the device is updated.

Dynamic Address Resolution Protocol (ARP) is a TCP/IP protocol for translating IP
addresses into MAC addresses. Classic ARP does the following:

- Permits two hosts on the same network to communicate and send packets.
- Permits two hosts on different networks to communicate via a gateway.
- Permits routers to send packets via a host to a different router on the same
  network.
- Permits routers to send packets to a destination host via a local host.

ARP Inspection intercepts, discards, and logs ARP packets that contain invalid
IP-to-MAC address bindings. This eliminates man-in-the-middle attacks, where false
ARP packets are inserted into the subnet. Packets are classified as:

- Trusted — Indicates that the interface IP and MAC address are recognized,
  and recorded in the ARP Inspection List. Trusted packets are forwarded without
  ARP Inspection.
- Untrusted — Indicates that the packet arrived from an interface that does not
  have a recognized IP and MAC address. The packet is checked for:
  - Source MAC — Compares the packet's source MAC address in the
    Ethernet header against the sender's MAC address in the ARP request.
    This check is performed on both ARP requests and responses.
  - Destination MAC — Compares the packet's destination MAC address in
    the Ethernet header against the destination interface's MAC address.
    This check is performed for ARP responses.
  - IP Addresses — Checks the ARP body for invalid and unexpected IP
    addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP
    Multicast addresses.
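
The three checks applied to untrusted packets, as described above, written out as an added example (not code from the Cisco manual or the switch firmware). Assumptions: all function and sample names are hypothetical, the Destination MAC check compares against the ARP target hardware address, and the target IP is validated only in responses.

```python
import ipaddress
import struct

def _bad_ip(raw):
    """True for 0.0.0.0, 255.255.255.255 and IP multicast addresses."""
    ip = ipaddress.IPv4Address(raw)
    return int(ip) in (0, 0xFFFFFFFF) or ip.is_multicast

def inspect_arp(frame):
    """Return the names of the checks an untrusted Ethernet/ARP frame fails."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte IPv4 ARP body
        return ["truncated"]
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return ["not-ipv4-arp"]
    is_reply = oper == 2
    failed = []
    # Source MAC: Ethernet source vs. sender MAC in the ARP body (all packets).
    if eth_src != sha:
        failed.append("source-mac")
    # Destination MAC: replies only. Assumption: the ARP target hardware
    # address stands in for "the destination interface's MAC address".
    if is_reply and eth_dst != tha:
        failed.append("destination-mac")
    # IP addresses. Assumption: sender IP always, target IP in replies only.
    if _bad_ip(spa) or (is_reply and _bad_ip(tpa)):
        failed.append("ip-address")
    return failed

def build(eth_dst, eth_src, oper, sha, spa, tha, tpa):
    """Assemble a constructed sample frame from printable addresses."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: ipaddress.IPv4Address(s).packed
    return (mac(eth_dst) + mac(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

# Constructed sample frames (locally administered MACs, documentation IPs).
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
GOOD_REPLY = build(A, B, 2, B, "192.0.2.20", A, "192.0.2.10")
SRC_MISMATCH = build(A, B, 2, C, "192.0.2.1", A, "192.0.2.10")
DST_MISMATCH = build(A, B, 2, B, "192.0.2.20", C, "192.0.2.10")
MCAST_SENDER = build("ff:ff:ff:ff:ff:ff", B, 1, B, "224.0.0.5", "00:00:00:00:00:00", "192.0.2.10")

if __name__ == "__main__":
    for name in ("GOOD_REPLY", "SRC_MISMATCH", "DST_MISMATCH", "MCAST_SENDER"):
        print(name, inspect_arp(globals()[name]) or "pass")
```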