Dynamic arp inspection, Configure the global dai settings – NETGEAR AV Line M4250 GSM4210PX 8-Port Gigabit PoE+ Compliant Managed AV Switch with SFP (220W) User Manual

The IPv6SG binding entry is removed from the database.

8. To save the settings to the running configuration, click the Save icon.

Dynamic ARP inspection

Dynamic ARP inspection (DAI) is a security feature that rejects invalid and malicious ARP
packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly
station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting
neighbors. The unfriendly station sends ARP requests or responses mapping another
station’s IP address to its own MAC address.

DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges
and builds a bindings database of valid MAC addresses, IP addresses, VLAN interfaces,
and so on.

If DAI is enabled and the sender MAC address and sender IP address of an ARP packet do not
match an entry in the DHCP snooping bindings database, the switch drops the ARP packet.
However, you can also create static mappings in the DHCP snooping bindings database.
Static mappings are useful when hosts configure static IP addresses, the switch cannot
run DHCP snooping, or other switches in the network do not run dynamic ARP inspection.
A static mapping associates an IP address to a MAC address on a VLAN.
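
The following added example (not from the NETGEAR manual and not the switch's own code) models the check described above: it extracts the sender MAC and sender IP address from an ARP payload and forwards the packet only when they match a dynamic or static binding for that VLAN. The bindings table, addresses, and function names are constructed for illustration; the model ignores ports and DAI ACLs and assumes malformed ARP payloads are dropped.

```python
import struct
from ipaddress import IPv4Address

# Constructed bindings: (VLAN, IP) -> (MAC, source). "dynamic" rows stand in for
# entries learned by DHCP snooping, "static" for administrator-created mappings.
BINDINGS = {
    (10, IPv4Address("192.0.2.10")): ("00:11:22:33:44:55", "dynamic"),
    (10, IPv4Address("192.0.2.20")): ("66:77:88:99:aa:bb", "static"),
}

def parse_arp(payload: bytes):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return payload[8:14].hex(":"), IPv4Address(payload[14:18])

def inspect(vlan: int, payload: bytes, bindings=BINDINGS) -> str:
    """Forward only if the sender MAC and sender IP match a binding on this VLAN."""
    try:
        mac, ip = parse_arp(payload)
    except ValueError:
        return "drop"  # assumption: malformed ARP is treated as invalid
    entry = bindings.get((vlan, ip))
    if entry is None or entry[0] != mac:
        return "drop"  # unknown IP on this VLAN, or IP claimed by another MAC
    return "forward"

def build_arp(oper, sha, spa, tha="00:00:00:00:00:00", tpa="192.0.2.1"):
    """Build a constructed sample ARP payload (oper 1 = request, 2 = reply)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac(sha) + IPv4Address(spa).packed
            + mac(tha) + IPv4Address(tpa).packed)

if __name__ == "__main__":
    samples = {
        "bound host": build_arp(2, "00:11:22:33:44:55", "192.0.2.10"),
        "mismatched MAC": build_arp(2, "02:00:00:00:00:99", "192.0.2.10"),
        "static mapping": build_arp(1, "66:77:88:99:aa:bb", "192.0.2.20"),
    }
    for name, pkt in samples.items():
        print(f"{name}: {inspect(10, pkt)}")
```
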

You can configure DAI VLANs, interfaces, and access control lists (ACLs) with associated
rules.

Configure the global DAI settings

You can configure the global dynamic ARP inspection (DAI) settings.

To configure the global DAI settings:

1. Launch a web browser.

2. In the address field of your web browser, enter the IP address of the switch.

The login page displays.

3. Click the Main UI Login button.

The main UI login page displays in a new tab.

4. Enter admin as the user name, enter your local device password, and click the Login
button.

The first time that you log in, no password is required. However, you then must
specify a local device password to use each subsequent time that you log in.

The System Information page displays.

Manage Switch Security

AV Line of Fully Managed Switches M4250 Series Main User Manual