Dell POWEREDGE M1000E User Manual

Introduction

Dynamic ARP Inspection

Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP requests or responses mapping another station's IP address to its own MAC address.

Dynamic ARP Inspection relies on DHCP Snooping.
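
The following is an added example, not taken from the Dell manual or the switch firmware: a simplified Python model of the check DAI performs, comparing the sender IP/MAC pair in each ARP packet against a DHCP snooping binding table. The binding table, addresses, VLAN numbers and function names are constructed for illustration.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte ARP payload for Ethernet/IPv4

# Constructed DHCP snooping binding table: (VLAN, IP) -> MAC learned from DHCP.
BINDINGS = {
    (10, "192.0.2.10"): "00:11:22:33:44:55",
    (10, "192.0.2.20"): "00:11:22:33:44:66",
}

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(op, sha, spa, tha, tpa):
    """Pack a sample ARP payload (used only to construct test input)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac(sha), ip(spa), mac(tha), ip(tpa))

def inspect_arp(vlan, payload, bindings=BINDINGS):
    """Return (verdict, reason) for an ARP payload seen on an untrusted port."""
    if len(payload) < 28:
        return "drop", "truncated ARP payload"
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return "drop", "not a well-formed Ethernet/IPv4 ARP request or reply"
    sender_ip = str(ipaddress.IPv4Address(spa))
    bound_mac = bindings.get((vlan, sender_ip))
    if bound_mac is None:
        return "drop", f"no DHCP binding for {sender_ip} on VLAN {vlan}"
    if bound_mac != mac_str(sha):
        return "drop", f"{sender_ip} is bound to {bound_mac}, not {mac_str(sha)}"
    return "forward", "sender IP/MAC matches DHCP binding"

if __name__ == "__main__":
    # Constructed packets: a legitimate reply, then one claiming a neighbor's IP.
    ok = build_arp(2, "00:11:22:33:44:55", "192.0.2.10",
                   "00:11:22:33:44:66", "192.0.2.20")
    bad = build_arp(2, "00:11:22:33:44:55", "192.0.2.20",
                    "00:11:22:33:44:66", "192.0.2.10")
    for pkt in (ok, bad):
        print(inspect_arp(10, pkt))
```

The model shows why the dependency on DHCP Snooping matters: without a populated binding table, every sender lookup fails and no ARP packet from an untrusted port can be validated.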

MLD Snooping

In IPv4, Layer 2 switches can use IGMP Snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with an IP multicast address.

In IPv6, MLD snooping performs a similar function. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports intended to receive the data (instead of being flooded to all of the ports in a VLAN). This list is constructed by snooping IPv6 multicast control packets.

IGMP Snooping

Internet Group Management Protocol (IGMP) Snooping is a feature that allows a switch to forward multicast traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request the multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance.

Port Mirroring

Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from up to four source ports to a monitoring port.

Broadcast Storm Control

When Layer 2 frames are forwarded, broadcast, unknown unicast, and multicast frames are flooded to all ports on the relevant virtual local area network (VLAN). The flooding occupies bandwidth, and loads all nodes connected on all ports. Storm control limits the amount of broadcast, unknown unicast, and multicast frames accepted and forwarded by the switch.
