tags: __ccna_EN

Protect network from device

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/dynarp.html

dhcp snooping


DAI intercepts all ARP requests and responses
Invalid ARP packets are dropped
Determines the validity of an ARP packet => checked against bindings stored in a trusted db
Built by DHCP snooping (enabled on the VLAN)

Dynamic ARP Inspection protects the network from devices that lie at layer 2.

Can validate ARP packets against user-configured ARP ACLs in order to handle hosts that use statically configured IP addresses

Interface Trust State, Security Coverage and Network Configuration

Trusted state => Bypasses DAI validation
Untrusted state => Goes through DAI validation

Best practice
All ports connected to hosts = untrusted
All ports connected to switches = trusted

DAI => MAC-to-IP binding db built through DHCP snooping
ARP ACL > DHCP snooping db (ARP ACLs take precedence)

Logging of denied packets
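
The decision order in these notes (trusted ports bypass validation, ARP ACLs are checked before the DHCP snooping db, denied packets are logged), as an added Python model that is not part of the original notes and is not Cisco code. The `Switch` and `Arp` names, the reason strings and every address are hypothetical; an explicit ACL deny dropping a packet even when a valid binding exists follows Cisco's documented behaviour.

```python
from collections import namedtuple
from dataclasses import dataclass, field

Arp = namedtuple("Arp", "port vlan sender_mac sender_ip")  # one ARP request or response

@dataclass
class Switch:
    dai_vlans: set        # VLANs with DAI enabled
    trusted_ports: set    # ports connected to other switches
    arp_acl: list         # user-configured [(action, ip, mac)], checked first
    snooping_db: dict     # {(vlan, ip): mac}, built by DHCP snooping
    denied_log: list = field(default_factory=list)

    def inspect(self, pkt):
        """Return (forwarded, reason) for one ARP packet."""
        if pkt.vlan not in self.dai_vlans:
            return True, "dai-not-enabled"
        if pkt.port in self.trusted_ports:
            return True, "trusted-port"      # trusted state bypasses validation
        for action, ip, mac in self.arp_acl:  # ARP ACL before snooping database
            if (ip, mac) == (pkt.sender_ip, pkt.sender_mac):
                if action == "permit":
                    return True, "acl-permit"
                return self._deny(pkt, "acl-deny")
        if self.snooping_db.get((pkt.vlan, pkt.sender_ip)) == pkt.sender_mac:
            return True, "dhcp-binding"
        return self._deny(pkt, "no-valid-binding")

    def _deny(self, pkt, reason):
        self.denied_log.append((pkt, reason))  # denied packets are logged
        return False, reason

def demo():
    # Constructed sample data: every address, MAC and port name is made up.
    sw = Switch(
        dai_vlans={10}, trusted_ports={"Gi0/24"},
        arp_acl=[("permit", "10.0.10.50", "0011.2233.4455"),
                 ("deny", "10.0.10.20", "aaaa.bbbb.0020")],
        snooping_db={(10, "10.0.10.20"): "aaaa.bbbb.0020",
                     (10, "10.0.10.21"): "aaaa.bbbb.0021"},
    )
    packets = [
        Arp("Gi0/1", 10, "aaaa.bbbb.0021", "10.0.10.21"),   # valid DHCP binding
        Arp("Gi0/2", 10, "dead.beef.0001", "10.0.10.21"),   # MAC does not match binding
        Arp("Gi0/3", 10, "0011.2233.4455", "10.0.10.50"),   # static host, ACL permit
        Arp("Gi0/4", 10, "aaaa.bbbb.0020", "10.0.10.20"),   # ACL deny beats binding
        Arp("Gi0/24", 10, "dead.beef.0002", "10.0.10.1"),   # trusted uplink
    ]
    return [sw.inspect(p) for p in packets], sw.denied_log
```

The last packet shows why only switch-facing ports should be trusted: nothing arriving on a trusted port is validated.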

CCNA question
If ip arp inspection is enabled on a VLAN,
the status changes from trusted to untrusted