- Purple, 4500 points or more
I'd like you to check my thinking
We have Dell PowerConnect switches as our edge switches and they all connect to our core 3750. The router (Cisco 3745) also connects to the 3750. It's been asked what would happen if a user that was connected into an edge switch statically configured an address as the router's address. We have nothing in place to prevent that now. What I'm thinking of doing is configuring DAI on the 3750, add a static ARP entry for the 3745 and configure all of the uplinked edge switch ports as untrusted. If that would work, do I need to trust the port that connects to the router? Also, I'm a little unclear on arp acls. Does that only allow that mac address with that ip address on that port?