Dell PowerConnect M6220 User's Guide - Page 389
Dynamic ARP Inspection, DAI Global Configuration
View all Dell PowerConnect M6220 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 389 highlights
Dynamic ARP Inspection Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP requests or responses mapping another station's IP address to its own MAC address. DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a binding database of valid {MAC address, IP address, VLAN, and interface} tuples. When DAI is enabled, the switch drops ARP packets whose sender MAC address and sender IP address do not match an entry in the DHCP snooping bindings database. You can optionally configure additional ARP packet validation. The Dynamic ARP Inspection menu page contains links to the following features: • DAI Global Configuration • DAI Interface Configuration • DAI VLAN Configuration • DAI ACL Configuration • DAI ACL Rule Configuration • DAI Statistics DAI Global Configuration Use the DAI Configuration page to configure global DAI settings. To display the DAI Configuration page, click Switching > Dynamic ARP Inspection > Global Configuration in the navigation tree. Figure 7-101. Dynamic ARP Inspection Global Configuration Configuring Switching Information 387