Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Dynamic ARP inspection

we want to enable dynamic arp inspection to disable ARP poisoning in our Local LAN. We are using cat 2960 series switches. I am unable to locate any commands relevant to DAI in cat 2960. we are using the latest software image.Appreciate if anyone can point us in the right direction

Thanks in Advance

4 REPLIES

Re: Dynamic ARP inspection

Hi,

AFAIK, Dynamic ARP Inspection is not supported on the Catalyst 2960.

[edit] i've double checked and it is only supported on the Catalyst 6500/4500/3550/3560/3750, please use the feature navigator for checking.

HTH,

Mohammed Mahmoud.

Community Member

Re: Dynamic ARP inspection

Is there a way or a work around that I can try to stop ARP poisoning at switch level. I tried enabling port security but without any luck. Any help in this regard is greatly appreciated

Thanks in Advance

Re: Dynamic ARP inspection

Hi,

With the 2960, your best bet is Port security:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2960/12240se/scg/swtrafc.htm#wp1038501

And benefit from the part stating that if a station with a secure MAC address configured or learned on one secure port attempts to access another secure port, a violation is flagged.

HTH,

Mohammed Mahmoud.

Super Bronze

Re: Dynamic ARP inspection

Release Notes for the Catalyst 3750, 3560, 2970, and 2960 Switches, Cisco IOS Release 12.2(40)SE have, in table 7:

Dynamic ARP inspection (IP services image [formerly known as the EMI] only)

12.2(20)SE

3750 and 3560

If you have the IP service image, you could try the commands listed in: http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00808a9951.html

490
Views
0
Helpful
4
Replies
CreatePlease to create content