Dynamic ARP inspection, Configure the global DAI settings – NETGEAR M4350-24F4V 24-Port 10G SFP+ Managed AV Network Switch User Manual

Page 764

The IPv6SG binding entry is removed from the database.

8. To save the settings to the running configuration, click the Save icon.

Dynamic ARP inspection

Dynamic ARP inspection (DAI) is a security feature that rejects invalid and malicious ARP
packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly
station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting
neighbors. The unfriendly station sends ARP requests or responses mapping another
station’s IP address to its own MAC address.

DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges
and builds a bindings database of valid MAC addresses, IP addresses, VLAN interfaces,
and so on.

If DAI is enabled and if a sender MAC address and sender IP address do not match an
entry in the DHCP snooping bindings database, the switch drops the ARP packet.
However, you can also create static mappings in the DHCP snooping bindings database.
Static mappings are useful when hosts configure static IP addresses, the switch cannot
run DHCP snooping, or other switches in the network do not run dynamic ARP inspection.
A static mapping associates an IP address to a MAC address on a VLAN.
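
The check described above can be modelled in a few lines. This is an added example, not NETGEAR code or the switch's implementation: the binding table, addresses, function names, and the choice to drop malformed packets are assumptions, and only the sender fields of each ARP payload are compared.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, SHA, SPA, THA, TPA

# Constructed bindings, (VLAN, IP) -> MAC. A switch learns dynamic entries from
# DHCP snooping; the second entry stands in for a static mapping.
BINDINGS = {
    (10, "192.0.2.10"): "00:00:5e:00:53:0a",
    (10, "192.0.2.1"): "00:00:5e:00:53:01",
}

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a 28-byte Ethernet/IPv4 ARP payload (constructed sample input)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac(sender_mac), ip(sender_ip), mac(target_mac), ip(target_ip))

def inspect_arp(vlan, payload, bindings=BINDINGS):
    """Return (verdict, reason); verdict is 'forward' or 'drop'."""
    if len(payload) < 28:
        return "drop", "truncated ARP payload"  # model choice: fail closed
    htype, ptype, hlen, plen, op, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return "drop", "not an Ethernet/IPv4 ARP request or reply"
    sender_ip, sender_mac = str(ipaddress.IPv4Address(spa)), sha.hex(":")
    bound_mac = bindings.get((vlan, sender_ip))
    if bound_mac is None:
        return "drop", f"no binding for {sender_ip} on VLAN {vlan}"
    if bound_mac.lower() != sender_mac:
        return "drop", f"{sender_ip} is bound to {bound_mac}, not {sender_mac}"
    return "forward", "sender MAC and IP match a binding"

def demo():
    """Run three constructed ARP packets through the check on VLAN 10."""
    unset = "00:00:00:00:00:00"  # target MAC is not part of the check
    samples = {
        "valid host": build_arp(2, "00:00:5e:00:53:0a", "192.0.2.10", unset, "192.0.2.1"),
        "gateway IP, wrong MAC": build_arp(2, "00:00:5e:00:53:99", "192.0.2.1", unset, "192.0.2.10"),
        "unbound static host": build_arp(1, "00:00:5e:00:53:20", "192.0.2.20", unset, "192.0.2.1"),
    }
    return {name: inspect_arp(10, pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, (verdict, reason) in demo().items():
        print(f"{name}: {verdict} ({reason})")
```

The third sample shows why static mappings matter: a host with a manually configured address is dropped until a binding for its IP and MAC exists on that VLAN.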

You can configure DAI VLANs, interfaces, and access control lists (ACLs) with associated
rules.

Configure the global DAI settings

You can configure the global dynamic ARP inspection (DAI) settings.

To configure the global DAI settings:

1. Launch a web browser.

2. In the address field of your web browser, enter the IP address of the switch.

If you do not know the IP address of the switch, see Log in to the main UI with a web
browser on page 27 and the subsections.

The login page displays.

3. Click the Main UI Login button.

The main UI login page displays in a new tab.

4. Enter admin as the user name, enter your local device password, and click the Login
button.

Manage Switch Security

Fully Managed Switches M4350 Series Main User Manual