dynamic arp inspection and ip source guard

Unanswered Question
Dec 6th, 2008

Hi all, can anyone tell me in a nutshell, what these 2 are used for on a switch and how they work?

dynamic arp inspection and ip source guard



Giuseppe Larosa Sat, 12/06/2008 - 04:08

Hello Carl,

DAI and IP source guard are two security features that have been introduced to reduce the risks of some types of attacks that involve the man-in-the-middle concept.

If an attacker is present in a Vlan with a focused ARP activity it can introduce itself in the communications between host(s) and default gateway: it provides its MAC address as the MAC address of the next hop to the hosts and its MAC address as that of the hosts to the router.

So the attacker PC can capture both directions of a communication.

DAI and IP source guard track ARP requests and associations of ports, MAC addresses, and IP addresses so that when an attempt is made to take the identity of another device the switch can filter the suspicious ARP message.

These features can be combined with IP DHCP binding with the same target for blocking DHCP man-in-the-middle attacks.

The switch builds tables to track port, MAC, ip address of legitimate hosts.




Hope to help
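
The binding-table check described in the reply above, as an added example that is not part of the original thread and is not switch code: a simplified Python model in which the `Switch` class, its method names, the port names and all addresses are constructed for illustration. It assumes one binding per port and models trusted ports (uplinks) as bypassing both checks.

```python
# Simplified model (added example) of the per-port checks a switch makes
# against its binding table. All names and values here are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    vlan: int
    port: str
    mac: str
    ip: str

class Switch:
    def __init__(self, trusted_ports=()):
        self.trusted = set(trusted_ports)   # e.g. uplinks toward the router
        self.bindings = {}                  # (vlan, port) -> Binding

    def learn(self, vlan, port, mac, ip):
        """Record a binding, e.g. learned from a DHCP exchange or set statically."""
        self.bindings[(vlan, port)] = Binding(vlan, port, mac.lower(), ip)

    def inspect_arp(self, vlan, port, sender_mac, sender_ip):
        """DAI-style check: the ARP sender MAC/IP must match the port's binding."""
        if port in self.trusted:
            return "forward"
        b = self.bindings.get((vlan, port))
        if b and b.mac == sender_mac.lower() and b.ip == sender_ip:
            return "forward"
        return "drop"

    def check_source(self, vlan, port, src_mac, src_ip, check_mac=False):
        """IP-source-guard-style check on ordinary IP traffic from a host port."""
        if port in self.trusted:
            return "forward"
        b = self.bindings.get((vlan, port))
        if not b or b.ip != src_ip:
            return "drop"
        if check_mac and b.mac != src_mac.lower():
            return "drop"
        return "forward"

def demo():
    sw = Switch(trusted_ports={"Gi0/24"})
    sw.learn(10, "Gi0/1", "00:11:22:33:44:55", "192.0.2.10")   # legitimate host
    sw.learn(10, "Gi0/2", "00:AA:BB:CC:DD:EE", "192.0.2.20")   # second host
    return [
        sw.inspect_arp(10, "Gi0/1", "00:11:22:33:44:55", "192.0.2.10"),  # matches binding
        sw.inspect_arp(10, "Gi0/2", "00:aa:bb:cc:dd:ee", "192.0.2.1"),   # claims gateway IP
        sw.inspect_arp(10, "Gi0/24", "00:de:ad:be:ef:01", "192.0.2.1"),  # trusted uplink
        sw.check_source(10, "Gi0/2", "00:aa:bb:cc:dd:ee", "192.0.2.10"), # wrong source IP
        sw.check_source(10, "Gi0/3", "00:00:00:00:00:03", "192.0.2.30"), # no binding
    ]
```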


