CHAPTER
58-1
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
58
Configuring Dynamic ARP Inspection
This chapter describes how to configure Dynamic ARP Inspection (DAI) on the Catalyst 4500 series
switch.
This chapter includes the following major sections:
• About Dynamic ARP Inspection, page 58-1
• Configuring Dynamic ARP Inspection, page 58-5
Note For complete syntax and usage information for the switch commands used in this chapter, see the
Cisco IOS Command Reference Guides for the Catalyst 4500 Series Switch.
If a command is not in the Cisco Catalyst 4500 Series Switch Command Reference , you can locate it in
the Cisco IOS Master Command List, All Releases.
About Dynamic ARP Inspection
Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP)
packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with
invalid MAC-IP pairs. This capability protects the network from certain “man-in-the-middle” attacks.
This section contains the following subsections:
• ARP Cache Poisoning, page 58-2
• Purpose of Dynamic ARP Inspection, page 58-2
• Interface Trust State, Security Coverage and Network Configuration, page 58-3
• Relative Priority of Static Bindings and DHCP Snooping Entries, page 58-4
• Logging of Dropped Packets, page 58-4
• Rate Limiting of ARP Packets, page 58-4
• Port Channels Function, page 58-5
To Next Page
Loading...
