Cisco Support Community
New Member

dynamic arp inspection and ip source guard

Hi all, can anyone tell me in a nutshell, what these 2 are used for on a switch and how they work?

dynamic arp inspection and ip source guard

cheers

Carl

1 REPLY
Hall of Fame Super Silver

Re: dynamic arp inspection and ip source guard

Hello Carl,

DAI and IP source guard are two security features that have been introduced to reduce the risks of some types of attacks that involve the man-in-the-middle concept.

If an attacker is present in a VLAN with focused ARP activity, it can introduce itself into the communications between host(s) and the default gateway: it provides its MAC address as the MAC address of the next hop to the hosts, and its MAC address as that of the hosts to the router.

So the attacker PC can capture both directions of a communication.

DAI and IP source guard track ARP requests and the associations of ports, MAC addresses and IP addresses, so that when an attempt is made to take the identity of another device the switch can filter the suspicious ARP message.

These features can be combined with IP DHCP binding, with the same target of blocking DHCP man-in-the-middle attacks.

The switch builds tables to track the port, MAC and IP address of legitimate hosts.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/46sg/configuration/guide/dynarp.html

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/46sg/configuration/guide/dhcp.html

Hope to help

Giuseppe
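As an added illustration (not part of Giuseppe's reply), here is a Catalyst IOS configuration that enables the three features he describes on VLAN 10: DHCP snooping builds the port/MAC/IP binding table, DAI validates ARP against it, and IP Source Guard validates IP traffic against it. The VLAN number, interface names and the static binding are assumed values; the syntax shown is the Catalyst 3560/3750 form, and on the Catalyst 4500 covered by the linked guides IP Source Guard is enabled per port with `ip verify source vlan dhcp-snooping` instead.

```text
! 1. DHCP snooping: learn (port, VLAN, MAC, IP) bindings from DHCP
!    exchanges. Only DHCP server replies arriving on TRUSTED ports
!    are accepted, so a rogue DHCP server on an access port is dropped.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! 2. Dynamic ARP Inspection: on untrusted ports, drop any ARP packet
!    whose sender MAC/IP pair is not in the snooping binding table.
!    The extra validate checks reject ARP bodies whose addresses do
!    not match the Ethernet header (a common sign of spoofing).
ip arp inspection vlan 10
ip arp inspection validate src-mac dst-mac ip
!
! Uplink towards the distribution layer, router and DHCP server.
! It MUST be trusted: otherwise legitimate DHCP offers and the
! gateway's own ARP replies would be discarded as spoofed.
interface GigabitEthernet1/0/1
 description Uplink (assumed) - DHCP server and default gateway side
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! End-host access ports stay untrusted (the default). IP Source Guard
! then permits only IP packets whose source IP (and, with
! port-security, source MAC) matches a binding learned on that port.
interface range GigabitEthernet1/0/2 - 24
 switchport mode access
 switchport access vlan 10
 ip verify source port-security
 ip arp inspection limit rate 15
!
! A host with a static IP never appears in the snooping table, so it
! needs a manual binding or DAI/IPSG will block it (assumed values).
ip source binding 0011.2233.4455 vlan 10 10.1.10.50 interface GigabitEthernet1/0/5
!
! Operational checks: confirm the bindings exist before enabling DAI
! and IPSG in production, then watch the DAI drop counters.
! show ip dhcp snooping binding
! show ip arp inspection vlan 10
! show ip arp inspection statistics vlan 10
! show ip verify source
```

Enable DHCP snooping first and let hosts renew their leases; turning on DAI or IP Source Guard while the binding table is still empty cuts off every legitimate host on the VLAN.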
