
Understanding and Application of Ip dhcp snooping + ip arp inspection

2025-04-01 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Ip dhcp snooping + ip arp inspection

1. ip arp inspection

Configuring Dynamic ARP Inspection in DHCP Environments

This example shows how to configure dynamic ARP inspection on Switch A in VLAN 1. You would perform a similar procedure on Switch B:

Switch(config)# ip arp inspection vlan 1

Switch(config)# interface gigabitethernet 0/1

Switch(config-if)# ip arp inspection trust

On all other (untrusted) ports, the switch decides whether an ARP packet is legitimate by checking it against the MAC-to-IP mapping table obtained from DHCP snooping.

Configuring ARP ACLs for Non-DHCP Environments

This example shows how to configure an ARP ACL called host2 on Switch A, to permit ARP packets from Host 2 (IP address 1.1.1.1 and MAC address 0001.0001.0001), to apply the ACL to VLAN 1, and to configure port 1 on Switch A as untrusted:

Switch(config)# arp access-list host2

Switch(config-arp-acl)# permit ip host 1.1.1.1 mac host 1.1.1

Switch(config-arp-acl)# exit

Switch(config)# ip arp inspection filter host2 vlan 1

Switch(config)# interface gigabitethernet 0/1

Switch(config-if)# no ip arp inspection trust

! trust was configured before; the port is now untrusted

Port 1 is an untrusted port, but ARP packets from Host 2 are allowed through without being matched against the IP-to-MAC mapping table. That table is obtained through DHCP snooping, and Host 2 has a statically configured IP address rather than one obtained dynamically through DHCP, so the table has no record for it. The table therefore cannot be relied on to validate ARP packets from Host 2, which is why the ARP ACL is needed.
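The decision described in this section can be modelled in a few lines. The following is an added example, not code from the article or from the switch vendor: a simplified model that handles permit entries only, in which the class and function names, the trusted uplink Gi0/24 and the DHCP client 1.1.1.50 / 0002.0002.0002 are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Arp:
    port: str        # ingress switch port
    vlan: int
    sender_ip: str
    sender_mac: str

def norm_mac(mac):
    # The page writes the same MAC as 1.1.1 and 0001.0001.0001; pad each group.
    return ".".join(g.lower().zfill(4) for g in mac.split("."))

class Inspector:
    """Simplified model of the per-packet decision; not vendor code."""
    def __init__(self, vlans, trusted_ports):
        self.vlans, self.trusted = set(vlans), set(trusted_ports)
        self.bindings = set()   # (vlan, ip, mac) learned by DHCP snooping
        self.acl = set()        # (vlan, ip, mac) permitted by an ARP ACL

    def learn_binding(self, vlan, ip, mac):
        self.bindings.add((vlan, ip, norm_mac(mac)))

    def permit_host(self, vlan, ip, mac):
        self.acl.add((vlan, ip, norm_mac(mac)))

    def check(self, p):
        key = (p.vlan, p.sender_ip, norm_mac(p.sender_mac))
        if p.vlan not in self.vlans:
            return "not-inspected"
        if p.port in self.trusted:
            return "trusted"         # forwarded without validation
        if key in self.acl:
            return "acl-permit"      # static host covered by the ARP ACL
        if key in self.bindings:
            return "binding-permit"  # matches a DHCP snooping entry
        return "drop"

def demo():
    # Constructed scenario: Gi0/24 is a hypothetical trusted uplink.
    sw = Inspector(vlans=[1], trusted_ports=["Gi0/24"])
    sw.learn_binding(1, "1.1.1.50", "0002.0002.0002")     # constructed DHCP client
    host2 = Arp("Gi0/1", 1, "1.1.1.1", "0001.0001.0001")  # static host from the page
    spoof = Arp("Gi0/2", 1, "1.1.1.1", "0002.0002.0002")  # claims host2's IP
    before = sw.check(host2)               # no DHCP binding exists for host2
    sw.permit_host(1, "1.1.1.1", "1.1.1")  # same entry as the page's ARP ACL
    return [before, sw.check(host2), sw.check(spoof),
            sw.check(Arp("Gi0/2", 1, "1.1.1.50", "2.2.2")),
            sw.check(Arp("Gi0/24", 1, "1.1.1.1", "0002.0002.0002"))]
```

Calling `demo()` shows Host 2 dropped before the ACL entry exists and permitted afterwards, while a packet claiming Host 2's IP with a different MAC is still dropped on an untrusted port.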

2. ip dhcp snooping

A trusted port can initiate all DHCP messages, while an untrusted port can initiate only request messages. This feature can be used in conjunction with DHCP Option 82, which inserts the ID of the port that received a DHCP request into the request packet.
