
Dynamic ARP Inspection for non-DHCP Environment

Unanswered Question
Oct 12th, 2013

Hi everyone,


I wish to deploy DAI (Dynamic ARP Inspection) for a non-DHCP Environment where all connected hosts are assigned with a static IP address.

ARP ACL as recommended in Cisco Docs can be used to achieve this so that ARP spoofing / poisoning can be mitigated.


This does not seem to be a scalable solution for my deployment scenario.

Multiple (more than 15) /25 subnets, presently having a different number of hosts in each subnet.

Prediction or probability of addition of new hosts in these subnets is also not possible. Hosts are added as per requirement.


Creation of ARP ACL manually seems to be working. But it requires manual configuration overhead and results in lengthy, multiple ACL entries.


Will "ip device-tracking" feature be helpful in some way for utilization with DAI for non-DHCP environment?       




Rajmohan R       

Overall Rating: 4 (1 ratings)
paul driver Sun, 10/13/2013 - 04:59

Hello

Static DAI is always checked first, with or without the DHCP snooping table, but to have a dynamic setup I am of the understanding that DHCP snooping is required.

res
paul


RAJMOHAN RAMAMOORTHY Mon, 10/14/2013 - 07:31

Thanks Paul.


Does it mean that IP Device tracking will be of no use in DAI implementation in a non-DHCP environment?


Rajmohan R
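
The manual ARP ACL overhead described in the question can be reduced by generating the entries from a host inventory. The script below is an added example, not part of the thread or of Cisco's documentation: the CSV layout, the ACL name prefix and the sample addresses are constructed assumptions, and it emits one `arp access-list` per VLAN, binds it with `ip arp inspection filter`, then enables DAI on that VLAN.

```python
import ipaddress
import re

# Constructed sample inventory (assumed CSV layout): vlan,subnet,ip,mac
INVENTORY = """\
10,192.0.2.0/25,192.0.2.11,00-11-22-33-44-66
10,192.0.2.0/25,192.0.2.10,00:11:22:33:44:55
20,192.0.2.128/25,192.0.2.130,0011.2233.4477
"""

def cisco_mac(mac):
    """Normalize a MAC in any common notation to Cisco dotted form (xxxx.xxxx.xxxx)."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def build_arp_acls(inventory, prefix="STATIC-HOSTS-VLAN"):
    """Return IOS config lines: per VLAN, an ARP ACL, its DAI filter, then DAI itself."""
    per_vlan, seen = {}, set()
    for n, row in enumerate(inventory.strip().splitlines(), 1):
        vlan, subnet, ip, mac = (field.strip() for field in row.split(","))
        addr = ipaddress.ip_address(ip)
        # Reject entries that would permit an address outside the VLAN's subnet.
        if addr not in ipaddress.ip_network(subnet):
            raise ValueError(f"line {n}: {ip} is outside {subnet}")
        # Two MACs claiming one IP is exactly the conflict DAI should surface.
        if (vlan, addr) in seen:
            raise ValueError(f"line {n}: duplicate IP {ip} in VLAN {vlan}")
        seen.add((vlan, addr))
        per_vlan.setdefault(int(vlan), []).append((addr, cisco_mac(mac)))
    lines = []
    for vlan in sorted(per_vlan):
        name = f"{prefix}{vlan}"  # hypothetical naming scheme
        lines.append(f"arp access-list {name}")
        lines += [f" permit ip host {ip} mac host {mac}"
                  for ip, mac in sorted(per_vlan[vlan])]
        lines.append("exit")
        # Bind the ACL before enabling DAI so listed hosts are never dropped.
        lines.append(f"ip arp inspection filter {name} vlan {vlan}")
        lines.append(f"ip arp inspection vlan {vlan}")
    return lines

if __name__ == "__main__":
    print("\n".join(build_arp_acls(INVENTORY)))
```

Regenerating the output whenever a host is added keeps the ACL in step with the inventory; the out-of-subnet and duplicate-IP checks catch inventory mistakes before they reach the switch.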
