Dell PowerConnect 5548 User Guide - Page 552
Dynamic ARP Inspection Overview
ARP Inspection eliminates man-in-the-middle attacks, where false ARP packets are inserted into the subnet. ARP requests and responses are inspected, and their MAC-address-to-IP-address binding is checked according to the ARP Inspection List defined by the user (in the Dynamic ARP Inspection List and Dynamic ARP Inspection Entries pages).

If the packet's IP address is not found in the ARP Inspection List, and DHCP Snooping is enabled for a VLAN, a search of the DHCP Snooping database is performed. See "How DHCP Snooping Works" on page 564 for an explanation of the DHCP Snooping database. If the IP address is found, the packet is valid and is forwarded. Packets with invalid ARP Inspection bindings are logged and dropped.

Ports are classified as follows:
• Trusted - Packets are not inspected.
• Untrusted - Packets are inspected as described above.

The following additional validation checks may be configured by the user:
• Source MAC - Compares the packet's source MAC address in the Ethernet header against the sender's MAC address in the ARP request. This check is performed on both ARP requests and responses.
• Destination MAC - Compares the packet's destination MAC address in the Ethernet header against the destination interface's MAC address. This check is performed for ARP responses.
• IP Addresses - Checks the ARP body for invalid and unexpected IP addresses. These addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses.
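The inspection flow described above, modelled in Python as an added example (it is not Dell firmware or code from the guide). Assumptions: the optional checks run before the binding lookup, the IP check covers both sender and target IP, the Destination MAC check compares against the ARP target MAC, and all function names and sample addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_arp(eth_src, eth_dst, op, sha, spa, tha, tpa):
    """Build a raw Ethernet II + ARP frame (sample input only, never sent)."""
    return (mac(eth_dst) + mac(eth_src)
            + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + mac(sha) + IPv4Address(spa).packed + mac(tha) + IPv4Address(tpa).packed)

def parse_arp(frame):
    fields = struct.unpack("!6s6sHHHBBH6s4s6s4s", frame[:42])
    dst, src, etype, htype, ptype, hlen, plen, op, sha, spa, tha, tpa = fields
    if (etype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP frame")
    return dst, src, op, sha, IPv4Address(spa), tha, IPv4Address(tpa)

def bad_ip(ip):
    # 0.0.0.0, 255.255.255.255 and all IP multicast addresses, as listed on the page
    return int(ip) in (0, 0xFFFFFFFF) or ip.is_multicast

def inspect(frame, trusted, arp_list, snoop_db=None, checks=()):
    """Return (verdict, reason). arp_list and snoop_db map sender IP -> MAC bytes;
    snoop_db=None models a VLAN on which DHCP Snooping is not enabled."""
    if trusted:
        return "forward", "trusted port"          # trusted ports are not inspected
    dst, src, op, sha, spa, tha, tpa = parse_arp(frame)
    if "src-mac" in checks and src != sha:        # Ethernet source vs ARP sender MAC
        return "drop", "src-mac"
    if "dst-mac" in checks and op == 2 and dst != tha:   # responses only
        return "drop", "dst-mac"
    if "ip" in checks and (bad_ip(spa) or bad_ip(tpa)):
        return "drop", "ip"
    # ARP Inspection List first; DHCP Snooping database only if the IP is not in it
    for name, table in (("arp-list", arp_list), ("dhcp-snooping", snoop_db)):
        if table is not None and str(spa) in table:
            return ("forward" if table[str(spa)] == sha else "drop"), name
    return "drop", "no-binding"

# Constructed sample data (documentation address range, made-up MACs)
HOST, GW, OTHER = "00:11:22:33:44:55", "00:aa:bb:cc:dd:01", "02:00:00:00:00:99"
ARP_LIST = {"192.0.2.1": mac(GW)}        # static entry defined by the user
SNOOP_DB = {"192.0.2.50": mac(HOST)}     # binding learned by DHCP Snooping
legit = build_arp(HOST, "ff:ff:ff:ff:ff:ff", 1, HOST, "192.0.2.50",
                  "00:00:00:00:00:00", "192.0.2.1")
forged = build_arp(OTHER, HOST, 2, OTHER, "192.0.2.1", HOST, "192.0.2.50")
```

The `forged` frame claims the gateway's IP with a MAC that does not match the static entry, so it is dropped on an untrusted port but passes untouched on a trusted one, which is why only ports facing infrastructure you control should be marked trusted.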