Dynamic Arp Inspection - NETGEAR GSM7228PS Software Administration Manual

Managed switch release 8.0.3

a. Select Security > Management Security > Radius > Server Configuration. A
screen similar to the following displays.
b. In the Radius Server IP Address field, enter 192.168.0.1.
c. In the Secret Configured field, select Yes.
d. In the Secret field, enter 12345.
e. Click Add.

Dynamic ARP Inspection

Dynamic ARP inspection (DAI) is a security feature that rejects invalid and malicious ARP
packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly
station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting
neighbors. The miscreant sends ARP requests or responses mapping another station's IP
address to its own MAC address.

DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and
builds a bindings database of valid tuples (MAC address, IP address, VLAN interface).

When DAI is enabled, the switch drops an ARP packet if the sender MAC address and sender IP
address do not match an entry in the DHCP snooping bindings database. However, this check can be
overridden through static mappings. Static mappings are useful when hosts configure static IP
addresses, DHCP snooping cannot be run, or other switches in the network do not run
Chapter 14. Security Management
ProSafe 7000 Managed Switch Release 8.0.3
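
The DAI check described above, modeled as an added example (not code from the NETGEAR manual or the switch firmware): it parses the sender MAC and sender IP out of a raw ARP payload and compares them with a per-VLAN bindings table. All function names, table contents and addresses are constructed for illustration, and letting a static mapping take precedence over a snooped binding is an assumption of this sketch.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, SHA, SPA, THA, TPA

def build_arp(oper, sha, spa, tha, tpa):
    """Build a 28-byte Ethernet/IPv4 ARP payload (only used for the constructed samples)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       IPv4Address(spa).packed, mac(tha), IPv4Address(tpa).packed)

def parse_sender(payload):
    """Return (sender MAC, sender IP) from an ARP payload, or raise ValueError."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return sha.hex(":"), str(IPv4Address(spa))

def dai_verdict(payload, vlan, snooped, static):
    """Forward only if the sender (MAC, IP) on this VLAN matches a known binding."""
    try:
        mac, ip = parse_sender(payload)
    except ValueError:
        return "drop"                      # malformed ARP is rejected outright
    # Assumption: a static mapping for (VLAN, IP) overrides the snooped binding.
    expected = static.get((vlan, ip), snooped.get((vlan, ip)))
    return "forward" if expected == mac else "drop"

# Constructed tables: (VLAN, IP) -> MAC
SNOOPED = {(10, "192.168.0.10"): "00:11:22:33:44:55",
           (10, "192.168.0.20"): "00:11:22:33:44:66"}
STATIC = {(10, "192.168.0.1"): "00:aa:bb:cc:dd:01"}   # host with a static IP

def run_samples():
    """Evaluate constructed ARP packets and return the verdict for each."""
    zero, a, gw = "00:00:00:00:00:00", "00:11:22:33:44:55", "00:aa:bb:cc:dd:01"
    valid = build_arp(1, a, "192.168.0.10", zero, "192.168.0.1")
    samples = [
        (valid, 10),                                                 # matches snooped binding
        (build_arp(2, a, "192.168.0.20", gw, "192.168.0.1"), 10),    # IP mapped to wrong MAC
        (build_arp(2, gw, "192.168.0.1", a, "192.168.0.10"), 10),    # matches static mapping
        (build_arp(2, a, "192.168.0.1", gw, "192.168.0.1"), 10),     # wrong MAC for static IP
        (valid, 20),                                                 # binding is per VLAN
        (valid[:20], 10),                                            # truncated payload
    ]
    return [dai_verdict(p, v, SNOOPED, STATIC) for p, v in samples]

if __name__ == "__main__":
    print(run_samples())
```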
