Reference Guide
19 Dynamic ARP Inspection
This section describes dynamic ARP inspection.
It contains the following topics:
• Overview
• Global Settings
• Dynamic ARP Inspection List
• Dynamic ARP Inspection Entries
• VLAN Settings
• Trusted Interfaces
Overview
ARP Inspection eliminates man-in-the-middle attacks, where false ARP packets are inserted into the subnet. ARP requests and responses are inspected, and their MAC-address-to-IP-address binding is checked according to the ARP Inspection List defined by the user (in the Dynamic ARP Inspection List and Dynamic ARP Inspection Entries pages).
If the packet’s IP address is not found in the ARP Inspection List, and DHCP Snooping is enabled for a VLAN, the DHCP Snooping database is searched. See Binding Database for an explanation of the DHCP Snooping database. If the IP address is found, the packet is valid and is forwarded.
Packets with invalid ARP Inspection bindings are logged and dropped.
Ports are classified as follows:
• Trusted — Packets are not inspected.
• Untrusted — Packets are inspected as described above.
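The lookup order described above, as an added Python model that is not part of the original guide or of any switch firmware. The class, port names and sample bindings are hypothetical, and it assumes the DHCP Snooping lookup compares the MAC address as well as the IP address.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpPacket:
    port: str        # ingress port (names here are hypothetical)
    vlan: int
    sender_ip: str
    sender_mac: str

class ArpInspector:
    def __init__(self, trusted_ports, inspection_list, snooping_vlans, snooping_db):
        self.trusted_ports = set(trusted_ports)
        self.inspection_list = inspection_list     # {ip: mac}, user-defined entries
        self.snooping_vlans = set(snooping_vlans)  # VLANs with DHCP Snooping enabled
        self.snooping_db = snooping_db             # {(vlan, ip): mac}, learned bindings
        self.dropped = []                          # stands in for the switch log

    def inspect(self, pkt):
        if pkt.port in self.trusted_ports:
            return "forward"                       # trusted: not inspected
        mac = pkt.sender_mac.lower()
        if pkt.sender_ip in self.inspection_list:
            valid = self.inspection_list[pkt.sender_ip].lower() == mac
        elif pkt.vlan in self.snooping_vlans:
            # Assumption: the MAC must match too, not just the IP being present.
            valid = self.snooping_db.get((pkt.vlan, pkt.sender_ip), "").lower() == mac
        else:
            valid = False
        if valid:
            return "forward"
        self.dropped.append(pkt)                   # invalid binding: log and drop
        return "drop"

def demo():
    # Constructed sample data using documentation IP and MAC ranges.
    sw = ArpInspector(
        trusted_ports={"uplink1"},
        inspection_list={"192.0.2.1": "00:00:5E:00:53:01"},
        snooping_vlans={10},
        snooping_db={(10, "192.0.2.50"): "00:00:5e:00:53:50"},
    )
    packets = [
        ArpPacket("uplink1", 10, "192.0.2.1", "00:00:5e:00:53:ff"),   # trusted port
        ArpPacket("access3", 10, "192.0.2.1", "00:00:5e:00:53:01"),   # list match
        ArpPacket("access3", 10, "192.0.2.1", "00:00:5e:00:53:ff"),   # wrong MAC
        ArpPacket("access4", 10, "192.0.2.50", "00:00:5e:00:53:50"),  # snooping match
        ArpPacket("access5", 20, "192.0.2.50", "00:00:5e:00:53:50"),  # no snooping on VLAN
    ]
    return [sw.inspect(p) for p in packets], sw.dropped
```

The first packet shows why the trusted classification matters: a mismatched binding arriving on a trusted port is forwarded without any check.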










