DAI Dynamic Arp Inspection

Try

HackMD

tags: `__ccna_EN`

Protect network from device

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/dynarp.html

dhcp snooping

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

Learn More →

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

Learn More →

DAI intercept all request address & Responses
Invalid ARP Packets are dropped
Determines the validity of ARP packet => Store in a trusted db
Build with DHCP snooping (on vlan)

Dynamic Arp Inspection protège le réseaux des périphériques qui mentent sur la couche 2.

Ca, validate ARP packets against user cfg ARP ACL in order to handle host

_INSERT_IMG

use

statically cfg IP@ Interface Truste State, Security Coverage and Network cfg

Trusted state => By pass DAI validation
Untrusted state => Go thourgh DAI validation

Best praticte
All port connected to host = untrusted
all ports connected to switch = trusted

DAI => db Mac@/IP@ Binding through snooping
ARP ACL > DHCP Snooping db

Logging of dennied Packet

Question CCNA
Si sur un Vlan on active le ip arp inspection
le status passe de trusted à untrusted

tags: __ccna_EN

statically cfg IP@ Interface Truste State, Security Coverage and Network cfg

Read more

Protocole OSPFv2

Untitled

IPV6

A_Question CCNA & Correction

tags: `__ccna_EN`