DHCP snooping database is shared with IP source guard and dynamic ARP inspection
Understanding DHCP Snooping (ELS) | Link |
DHCP Snooping | Link |
Understanding IP Source Guard for Port Security on Switches | protection against IP spoofing ( forging/stealing) |
Understanding and Using Dynamic ARP Inspection (DAI) | Link |
Dynamic ARP Inspection
DAI inspects ARPs on the LAN and uses the information in the DHCP snooping database on the switch to validate ARP packets and to protect against ARP spoofing
Enhanced Layer 2 Software (ELS) configuration style: Link | |
---|---|
enable DAI on a VLAN ( in ELS ) | set vlans vlan-name forwarding-options dhcp-security arp-inspection |
enable DAI on a VLAN ( in non-ELS ) for EX Series switches that do not support | set ethernet-switching-options secure-access-port vlan vlan-name arp-inspection or set ethernet-switching-options secure-access-port vlan all arp-inspection |