__ccna_EN
Protect network from device
dhcp snooping
DAI intercept all request address & Responses
Invalid ARP Packets are dropped
Determines the validity of ARP packet => Store in a trusted db
Build with DHCP snooping (on vlan)
Dynamic Arp Inspection protège le réseaux des périphériques qui mentent sur la couche 2.
Ca, validate ARP packets against user cfg ARP ACL in order to handle host
_INSERT_IMG
use
Trusted state => By pass DAI validation
Untrusted state => Go thourgh DAI validation
Best praticte
All port connected to host = untrusted
all ports connected to switch = trusted
DAI => db Mac@/IP@ Binding through snooping
ARP ACL > DHCP Snooping db
Logging of dennied Packet
Question CCNA
Si sur un Vlan on active le ip arp inspection
le status passe de trusted à untrusted