
Dynamic arp inspection, Dynamic arp inspection overview – Dell PowerEdge VRTX User Manual

Page 377


DELL CONFIDENTIAL – PRELIMINARY 4/18/13 - FOR PROOF ONLY

16

Dynamic ARP Inspection

This section describes dynamic ARP inspection.
It contains the following topics:

Dynamic ARP Inspection Overview
Global Settings
Dynamic ARP Inspection List
Dynamic ARP Inspection Entries
VLAN Settings
Trusted Interface

Dynamic ARP Inspection Overview

ARP Inspection eliminates man-in-the-middle attacks, where false ARP packets are inserted into the subnet. ARP requests and responses are inspected, and their MAC-address-to-IP-address binding is checked according to the ARP Inspection List defined by the user (in the Dynamic ARP Inspection List and Dynamic ARP Inspection Entries pages). If the packet's IP address is not found in the ARP Inspection List, and DHCP Snooping is enabled for a VLAN, a search of the DHCP Snooping database is performed. See "How DHCP Snooping Works" on page 387 for an explanation of the DHCP Snooping database. If the IP address is found, the packet is valid and is forwarded.
Packets with invalid ARP Inspection bindings are logged and dropped.
Ports are classified as follows:

• Trusted — Packets are not inspected.
• Untrusted — Packets are inspected as described above.
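
The lookup order described above, modeled as an added Python example (not code from the manual or the switch firmware). The class and field names, the sample ports, VLANs and addresses are constructed; the two points the overview does not spell out are marked as assumptions in the comments.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    """Constructed model of the checks described above; not switch firmware."""
    trusted_ports: set = field(default_factory=set)
    arp_inspection_list: dict = field(default_factory=dict)  # IP -> MAC, user-defined
    snooping_vlans: set = field(default_factory=set)         # VLANs with DHCP Snooping on
    snooping_db: dict = field(default_factory=dict)          # (VLAN, IP) -> MAC
    log: list = field(default_factory=list)

    def inspect(self, port, vlan, ip, mac):
        """Return 'forward' or 'drop' for the sender IP/MAC of one ARP packet."""
        mac = mac.lower()
        if port in self.trusted_ports:
            return "forward"  # trusted port: packet is not inspected
        if ip in self.arp_inspection_list:
            # Assumption: a listed IP with a different MAC is invalid and
            # does not fall through to the DHCP Snooping database.
            ok = self.arp_inspection_list[ip].lower() == mac
            reason = "MAC differs from ARP Inspection List"
        elif vlan in self.snooping_vlans:
            # Assumption: the snooping entry must match the MAC as well as the IP.
            ok = self.snooping_db.get((vlan, ip), "<none>").lower() == mac
            reason = "no matching DHCP Snooping entry"
        else:
            ok, reason = False, "IP not listed, DHCP Snooping off for VLAN"
        if not ok:
            self.log.append(f"DROP port={port} vlan={vlan} {ip} {mac}: {reason}")
        return "forward" if ok else "drop"

def demo():
    # All addresses, ports and VLAN IDs below are constructed sample values.
    sw = Switch(trusted_ports={"uplink"},
                arp_inspection_list={"192.0.2.1": "00:00:5e:00:53:01"},
                snooping_vlans={10},
                snooping_db={(10, "192.0.2.50"): "00:00:5e:00:53:50"})
    packets = [
        ("uplink", 10, "192.0.2.1", "00:00:5e:00:53:ff"),   # trusted, not checked
        ("port3", 10, "192.0.2.1", "00:00:5e:00:53:01"),    # matches static entry
        ("port4", 10, "192.0.2.1", "00:00:5e:00:53:ff"),    # spoofed gateway binding
        ("port5", 10, "192.0.2.50", "00:00:5e:00:53:50"),   # DHCP-learned binding
        ("port6", 20, "192.0.2.60", "00:00:5e:00:53:60"),   # VLAN 20: no snooping
    ]
    return [sw.inspect(*p) for p in packets], sw.log

if __name__ == "__main__":
    verdicts, log = demo()
    print(verdicts, *log, sep="\n")
```

The first packet shows why port classification matters: a false binding arriving on a trusted port is forwarded without any check, so only ports that cannot carry host-originated ARP traffic should be trusted.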