cisco ccnp switch


Dynamic ARP Inspection (DAI) is a security feature that addresses some well-known weaknesses in the ARP protocol. By design, ARP on an Ethernet segment allows any host to spoof a MAC address for any IP address on the segment. These attacks, commonly known as Man-in-the-Middle (MITM) attacks, cannot be prevented by using only port-security, access-lists, or other well-known security features. DAI is used to prevent these ARP poisoning attacks.


Step 1) Enable DAI from global configuration mode for the VLANs to be inspected
Switch(config)# ip arp inspection vlan 30-35


Step 2) Mark the interfaces that need to be trusted (by default, all other ports are untrusted)
Switch(config)# interface g1/0/1
Switch(config-if)# ip arp inspection trust
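
The decision the switch makes after these two steps, as an added example that is not part of the original post: a simplified Python model of DAI using the page's VLANs 30-35 and trusted port g1/0/1. It assumes the usual setup in which untrusted-port ARP is checked against the DHCP snooping binding table (not covered on this page); the bindings, addresses and packets are constructed, and ARP ACLs, rate limiting and the optional validation checks are left out.

```python
from dataclasses import dataclass

# Mirrors the page's configuration: DAI on VLANs 30-35, g1/0/1 trusted.
DAI_VLANS = set(range(30, 36))
TRUSTED_PORTS = {"g1/0/1"}

# Constructed DHCP snooping bindings: (vlan, ip) -> mac learned from DHCP.
BINDINGS = {
    (30, "10.0.30.10"): "aaaa.bbbb.0010",
    (30, "10.0.30.11"): "aaaa.bbbb.0011",
}

@dataclass(frozen=True)
class Arp:
    port: str        # ingress interface
    vlan: int
    sender_ip: str   # IP the packet claims to own
    sender_mac: str  # MAC it maps that IP to

def inspect(pkt):
    """Return (action, reason) for one ARP packet in this simplified model."""
    if pkt.vlan not in DAI_VLANS:
        return ("forward", "vlan not inspected")
    if pkt.port in TRUSTED_PORTS:
        return ("forward", "trusted port")   # no validation at all
    bound_mac = BINDINGS.get((pkt.vlan, pkt.sender_ip))
    if bound_mac is None:
        return ("drop", "no binding")        # also hits static-IP hosts
    if bound_mac != pkt.sender_mac.lower():
        return ("drop", "mac mismatch")
    return ("forward", "binding match")

# Constructed sample traffic.
SAMPLES = [
    Arp("g1/0/5", 30, "10.0.30.10", "aaaa.bbbb.0010"),  # legitimate DHCP client
    Arp("g1/0/6", 30, "10.0.30.10", "aaaa.bbbb.0011"),  # claims a neighbour's IP
    Arp("g1/0/6", 30, "10.0.30.1",  "aaaa.bbbb.0011"),  # claims the gateway's IP
    Arp("g1/0/1", 30, "10.0.30.1",  "aaaa.bbbb.0011"),  # same claim, trusted port
    Arp("g1/0/6", 40, "10.0.40.1",  "aaaa.bbbb.0011"),  # VLAN outside 30-35
]

def run_samples():
    return [inspect(p) for p in SAMPLES]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, run_samples()):
        print(pkt, "->", verdict)
```

The fourth and fifth samples show the two gaps to watch: a forged reply is forwarded unchecked if it arrives on a trusted port or in a VLAN outside the configured range, so trust should be limited to ports where validation is genuinely unnecessary, and the VLAN list should cover every access VLAN.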




