Dynamic arp inspection commands, Commands in this chapter, Arp access-list – Dell POWEREDGE M1000E User Manual


Dynamic ARP Inspection Commands


Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors. The miscreant sends ARP requests or responses mapping another station's IP address to its own MAC address. DAI drops ARP packets whose sender MAC address and sender IP address do not match an entry in the DHCP Snooping bindings database.
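The bindings check described above, as an added Python sketch that is not part of the Dell manual or the switch firmware. The bindings table layout (VLAN and IP address mapped to a MAC address), the addresses and both sample packets are constructed, and the sketch covers only the sender IP/MAC lookup.

```python
import socket
import struct

# Constructed stand-in for the DHCP Snooping bindings database (assumed layout):
# (VLAN, IP address) -> MAC address learned from the DHCP exchange.
BINDINGS = {
    (10, "192.0.2.10"): "00:11:22:33:44:55",
    (10, "192.0.2.20"): "66:77:88:99:aa:bb",
}

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload: bytes):
    """Return (opcode, sender MAC, sender IP) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, fmt_mac(payload[8:14]), socket.inet_ntoa(payload[14:18])

def inspect(vlan: int, payload: bytes) -> str:
    """Return 'forward' only when the sender IP/MAC pair matches a binding."""
    try:
        _, sender_mac, sender_ip = parse_arp(payload)
    except ValueError:
        return "drop"  # malformed ARP is rejected as invalid
    return "forward" if BINDINGS.get((vlan, sender_ip)) == sender_mac else "drop"

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build a constructed ARP payload used as sample input below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac(sender_mac) + socket.inet_aton(sender_ip)
            + mac(target_mac) + socket.inet_aton(target_ip))

# Constructed samples: a request from the bound owner of 192.0.2.10, and a
# reply that maps 192.0.2.10 to a MAC the bindings table lists for another host.
LEGIT = build_arp(1, "00:11:22:33:44:55", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.20")
SPOOF = build_arp(2, "66:77:88:99:aa:bb", "192.0.2.10", "00:11:22:33:44:55", "192.0.2.20")

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT), ("spoof", SPOOF)):
        print(name, inspect(10, pkt))
```

The same packet is dropped on a VLAN that has no binding for the sender, which is why the lookup key includes the VLAN.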

Commands in this Chapter

This chapter explains the following commands:

arp access-list
clear ip arp inspection statistics
ip arp inspection filter
ip arp inspection limit
ip arp inspection trust
ip arp inspection validate
ip arp inspection vlan
permit ip host mac host
show arp access-list
show ip arp inspection
show ip arp inspection vlan

arp access-list

Use the arp access-list command to create an ARP ACL. It will place the user in ARP ACL Configuration mode. Use the “no” form of this command to delete an ARP ACL.

Syntax

arp access-list acl-name

no arp access-list acl-name

acl-name — A valid ARP ACL name (Range: 1–31 characters).

2CSPC4.XModular-SWUM200.book Page 341 Thursday, March 10, 2011 11:18 AM
