Snooping and inspecting traffic, Traffic snooping and inspection overview, Ee "snooping and inspecting – Dell POWEREDGE M1000E User Manual
Page 791: Ee "snooping and, Ee "snooping and inspecting traffic
Snooping and Inspecting Traffic
791
27
Snooping and Inspecting Traffic
This chapter describes Dynamic Host Configuration Protocol (DHCP)
Snooping, IP Source Guard (IPSG), and Dynamic ARP Inspection (DAI),
which are layer 2 security features that examine traffic to help prevent
accidental and malicious attacks on the switch or network.
The topics covered in this chapter include:
• Traffic Snooping and Inspection Overview
• Default Traffic Snooping and Inspection Values
• Configuring Traffic Snooping and Inspection (Web)
• Configuring Traffic Snooping and Inspection (CLI)
• Traffic Snooping and Inspection Configuration Examples
Traffic Snooping and Inspection Overview
DHCP Snooping is a security feature that monitors DHCP messages between
a DHCP client and DHCP server to filter harmful DHCP messages and to
build a bindings database. The IPSG and DAI features use the DHCP
Snooping bindings database to help enforce switch and network security.
IP Source Guard allows the switch to drop incoming packets that do not
match a binding in the bindings database. Dynamic ARP Inspection allows
the switch to drop ARP packets whose sender MAC address and sender IP
address do not match an entry in the DHCP snooping bindings database.