Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 52: Configuring Dynamic ARP Inspection
This chapter describes how to configure Dynamic ARP Inspection (DAI) on the Catalyst 4500 series
switch.
This chapter includes the following major sections:
• About Dynamic ARP Inspection
• Configuring Dynamic ARP Inspection
Note: For complete syntax and usage information for the switch commands used in this chapter, see the Cisco
Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html
If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the
Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/ps6350/index.html
About Dynamic ARP Inspection
Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP)
packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with
invalid MAC-IP pairs. This capability protects the network from certain “man-in-the-middle” attacks.
This section contains the following subsections:
• ARP Cache Poisoning
• Purpose of Dynamic ARP Inspection
• Interface Trust State, Security Coverage and Network Configuration
• Relative Priority of Static Bindings and DHCP Snooping Entries
• Logging of Dropped Packets
• Rate Limiting of ARP Packets
• Port Channels Function
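
The check described at the start of this section (intercept an ARP packet, compare its sender MAC-IP pair against known-valid pairs, then log and discard it if the pair is invalid) can be modeled in a few lines of Python. This is an added example, not code from this guide or from Cisco IOS. The `BINDINGS` table, the function names, and the sample packets are constructed for illustration, and treating an unknown sender IP as invalid is an assumption of the example.

```python
import ipaddress
import struct

# Constructed table of valid IP -> MAC pairs (an assumption of this example).
BINDINGS = {"10.0.0.1": "00:11:22:33:44:01", "10.0.0.20": "00:11:22:33:44:20"}

# Constructed 28-byte ARP replies (hex): header, sender MAC/IP, target MAC/IP.
ARP_HDR = "0001080006040002"
SAMPLE_VALID = bytes.fromhex(ARP_HDR + "001122334420" + "0a000014" + "001122334401" + "0a000001")
SAMPLE_INVALID = bytes.fromhex(ARP_HDR + "00deadbeef99" + "0a000001" + "001122334420" + "0a000014")


def parse_arp(payload: bytes) -> dict:
    """Parse an Ethernet/IPv4 ARP body (RFC 826 layout)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "oper": oper,
        "sender_mac": payload[8:14].hex(":"),
        "sender_ip": str(ipaddress.IPv4Address(payload[14:18])),
        "target_ip": str(ipaddress.IPv4Address(payload[24:28])),
    }


def inspect(payload: bytes, bindings=BINDINGS):
    """Return (verdict, log_reason); verdict is 'forward' or 'drop'."""
    try:
        arp = parse_arp(payload)
    except ValueError as exc:
        return "drop", f"malformed ARP: {exc}"
    bound_mac = bindings.get(arp["sender_ip"])
    if bound_mac is None:  # assumption: an unknown sender IP counts as invalid
        return "drop", f"no binding for {arp['sender_ip']}"
    if bound_mac != arp["sender_mac"]:
        return "drop", (f"invalid pair {arp['sender_mac']}/{arp['sender_ip']}, "
                        f"expected {bound_mac}")
    return "forward", "sender MAC-IP pair is valid"


if __name__ == "__main__":
    for name, pkt in (("valid", SAMPLE_VALID), ("invalid", SAMPLE_INVALID)):
        print(name, *inspect(pkt))
```

The second sample claims 10.0.0.1 from a MAC address that is not bound to it, so it is dropped with a reason string suitable for logging.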