Cisco CCNP Switch ARP Inspection
Dynamic ARP Inspection (DAI) is a security feature that addresses some well-known weaknesses in the ARP protocol. In normal operation, ARP on an Ethernet segment allows any host to spoof a MAC address for any IP address on the segment. The resulting attacks, commonly known as Man-in-the-Middle (MITM) attacks, cannot be prevented by using only port security, access lists, or other well-known security features. DAI is used to prevent these ARP poisoning attacks. It is configured in two steps:
Step 1) Enable DAI in global configuration mode for the VLANs to be inspected (VLANs 30-35 in this example)
Switch(config)# ip arp inspection vlan 30-35
Step 2) Apply the trust setting to each interface that needs to be trusted (by default, all other ports are untrusted)
Switch(config)# interface g1/0/1
Switch(config-if)# ip arp inspection trust
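The following added example (not part of the original page and not Cisco code) models in simplified form how the two settings above decide the fate of an ARP packet. It assumes the switch holds a table of known IP-to-MAC bindings per VLAN, as it would from DHCP snooping or a static ARP ACL; the bindings, addresses and packets are constructed sample data.

```python
from dataclasses import dataclass

# Values taken from the two configuration steps above.
INSPECTED_VLANS = set(range(30, 36))   # ip arp inspection vlan 30-35
TRUSTED_PORTS = {"g1/0/1"}             # ip arp inspection trust

# Constructed sample bindings: (VLAN, sender IP) -> sender MAC.
# Assumption: on a real switch these come from DHCP snooping or an ARP ACL.
BINDINGS = {
    (30, "192.0.2.10"): "0000.5e00.5310",
    (30, "192.0.2.11"): "0000.5e00.5311",
}

@dataclass(frozen=True)
class ArpPacket:
    port: str        # ingress interface
    vlan: int
    sender_ip: str
    sender_mac: str

def dai_verdict(pkt: ArpPacket) -> str:
    """Return 'forward: ...' or 'drop: ...' for one ARP packet."""
    if pkt.vlan not in INSPECTED_VLANS:
        return "forward: VLAN not inspected"
    if pkt.port in TRUSTED_PORTS:
        return "forward: trusted port"          # trusted ports bypass the check
    bound_mac = BINDINGS.get((pkt.vlan, pkt.sender_ip))
    if bound_mac is None:
        return "drop: no binding for sender IP"
    if bound_mac != pkt.sender_mac.lower():
        return "drop: sender MAC does not match binding"
    return "forward: matches binding"

# Constructed ARP packets covering each branch of the decision.
SAMPLES = [
    ArpPacket("g1/0/5", 30, "192.0.2.10", "0000.5e00.5310"),  # legitimate host
    ArpPacket("g1/0/7", 30, "192.0.2.10", "0000.5e00.53ff"),  # spoofed MAC
    ArpPacket("g1/0/8", 31, "192.0.2.50", "0000.5e00.5350"),  # unknown sender
    ArpPacket("g1/0/1", 30, "192.0.2.1", "0000.5e00.5301"),   # trusted uplink
    ArpPacket("g1/0/7", 40, "192.0.2.10", "0000.5e00.53ff"),  # VLAN 40: no DAI
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(f"{pkt.port:7} vlan {pkt.vlan} {pkt.sender_ip:11} "
              f"{pkt.sender_mac} -> {dai_verdict(pkt)}")
```

The third and fifth samples show the two operational points to check after enabling DAI: a host without a binding on an untrusted port loses ARP entirely, and a VLAN left out of the inspected range gets no protection.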