Network technologies and trends

Nov 26 2008   5:59AM GMT

What is Dynamic ARP Inspection (DAI) ?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Dynamic ARP inspection is a security feature which validates ARP packet in a network. Dynamic ARP inspections validates the packet by performing IP to MAC address binding inspection stored in a trusted database (the DHCP snooping database) before forwarding the packet. Dynamic ARP intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks.

Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed.

The switch performs these activities:·        

Intercepts all ARP requests and responses on untrusted ports ·        

Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before it updates the local ARP cache or before it forwards the packet to the appropriate destination·        

Drops invalid ARP packets

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: