Home > Dynamic ARP Inspection DAI

Dynamic ARP Inspection DAI

November 16th, 2018 in SWITCH 300-115 Go to comments

Question 1

Explanation

Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks.

Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed. The switch performs these activities:
+ Intercepts all ARP requests and responses on untrusted ports
+ Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before it updates the local ARP cache or before it forwards the packet to the appropriate destination
+ Drops invalid ARP packets

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/72846-layer2-secftrs-catl3fixed.html

Question 2

Explanation

This example shows how to enable DAI on VLANs 10 through 12:

Router# configure terminal
Router(config)# ip arp inspection vlan 10-12

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/dynarp.html

Question 3

Question 4a

Explanation

Note: To configure DHCP snooping with Dynamic ARP Inspection we need to add the command “ip arp inspection vlan vlan-id” in global configuration mode and “ip arp inspection trust” in interface mode.

Question 4b

Question 5

Explanation

Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks.

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/72846-layer2-secftrs-catl3fixed.html

Question 6

Question 7

Question 8

Question 9

Comments
  1. No comments yet.
  1. No trackbacks yet.