Netgear M4100-26G CLI Manual - Page 141
Dynamic ARP Inspection Commands, ip arp inspection vlan
View all Netgear M4100-26G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 141 highlights
ProSafe M4100 and M7100 Managed Switches Term VLAN Interface Definition VLAN for the entry. IP address of the interface in slot/port format. The following shows sample CLI display output for the command. (switch) #show ip source binding MAC Address IP Address Type Vlan Interface 00:00:00:00:00:08 1.2.3.4 dhcp-snooping 2 0/1 00:00:00:00:00:09 1.2.3.4 dhcp-snooping 3 0/1 00:00:00:00:00:0A 1.2.3.4 dhcp-snooping 4 0/1 Dynamic ARP Inspection Commands Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP requests or responses mapping another station's IP address to its own MAC address. DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a binding database of valid {MAC address, IP address, VLAN, and interface} tuples. When DAI is enabled, the switch drops ARP packets whose sender MAC address and sender IP address do not match an entry in the DHCP snooping bindings database. You can optionally configure additional ARP packet validation. ip arp inspection vlan Use this command to enable Dynamic ARP Inspection on a list of comma-separated VLAN ranges. Default Format Mode disabled ip arp inspection vlan vlan-list Global Config no ip arp inspection vlan Use this command to disable Dynamic ARP Inspection on a list of comma-separated VLAN ranges. Format Mode no ip arp inspection vlan vlan-list Global Config Switching Commands 141