Versions Compared

Old Version 5

changes.mady.by.user Jean-luc KRIKER

Saved on

compared with

New Version 6

changes.mady.by.user Jean-luc KRIKER

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


DHCP snooping database is shared with IP source guard and dynamic ARP inspection






Understanding DHCP Snooping (ELS)Link
DHCP SnoopingLink
Understanding IP Source Guard for Port Security on Switches

protection against IP spoofing ( forging/stealing)

Link

Understanding and Using Dynamic ARP Inspection (DAI)Link


Dynamic ARP Inspection

DAI inspects ARPs on the LAN and uses the information in the DHCP snooping database on the switch to validate ARP packets and to protect against ARP spoofing



Enhanced Layer 2 Software (ELS) configuration style: Link
enable DAI on a VLAN  ( in ELS ) set vlans vlan-name forwarding-options dhcp-security arp-inspection

enable DAI on a VLAN  ( in non-ELS )

 for EX Series switches that do not support
the Enhanced Layer 2 Software (ELS)

set ethernet-switching-options secure-access-port vlan vlan-name arp-inspection

or

set ethernet-switching-options secure-access-port vlan all arp-inspection