
Cisco SPS208G User Manual

Cisco SPS208G
274 pages
Security Suite
ARP Inspection
SPS208G/SPS224G4/SPS2024 Service Provider Switches User Guide 142
8
ARP Inspection
Classic Address Resolution Protocol is a TCP/IP protocol that translates IP addresses into MAC addresses. Classic ARP does the following:
• Permits two hosts on the same network to communicate and send packets.
• Permits two hosts on different networks to communicate via a gateway.
• Permits routers to send packets via a host to a different router on the same network.
• Permits routers to send packets to a destination host via a local host.
ARP Inspection eliminates man-in-the-middle attacks, where false ARP packets are inserted into the subnet. ARP requests and responses are inspected, and their MAC Address to IP Address binding is checked. Packets with invalid ARP Inspection Bindings are logged and dropped. Packets are classified as:
• Trusted — Indicates that the interface IP and MAC address are recognized, and recorded in the ARP Inspection List. Trusted packets are forwarded without ARP Inspection.
• Untrusted — Indicates that the packet arrived from an interface that does not have a recognized IP and MAC address. The packet is checked for:
  - Source MAC — Compares the packet’s source MAC address against the sender’s MAC address in the ARP request. This check is performed on both ARP requests and responses.
  - Destination MAC — Compares the packet’s destination MAC address against the destination interface’s MAC address. This check is performed for ARP responses.
  - IP Addresses — Checks the ARP body for invalid and unexpected IP addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses. If the packet’s IP address was not found in the ARP Inspection List, and DHCP snooping is enabled for a VLAN, a search of the DHCP Snooping Database is performed. If the IP address is found, the packet is valid and is forwarded. ARP inspection is performed only on untrusted interfaces.
The ARP Inspection Screen provides parameters for enabling and setting global ARP Inspection parameters, as well as defining ARP Inspection Log parameters.
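The checks applied to packets from untrusted interfaces, written out as an added Python example (not code from the Cisco manual or the switch firmware). It assumes that the Destination MAC check compares the Ethernet destination with the target hardware address in the ARP body, that the IP check covers the sender address always and the target address in responses, and that a binding found for the IP must also match the sender MAC; the function names and sample tables are constructed.

```python
import ipaddress
import struct

def build_arp(eth_src, eth_dst, op, sha, spa, tha, tpa):
    """Build a constructed Ethernet II + ARP frame (sample input only)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return (mac(eth_dst) + mac(eth_src) + struct.pack("!H", 0x0806)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

def bad_ip(raw):
    """True for 0.0.0.0, 255.255.255.255 and IP multicast addresses."""
    a = ipaddress.IPv4Address(raw)
    return a.is_unspecified or a.is_multicast or int(a) == 0xFFFFFFFF

def inspect(frame, trusted, arp_list, dhcp_db=None, dhcp_snooping=False):
    """Return (verdict, reason) for one ARP frame received on one interface."""
    if trusted:                              # trusted: no inspection at all
        return "forward", "trusted interface"
    if len(frame) < 42:
        return "drop", "truncated"
    eth_dst, eth_src, etype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if etype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return "drop", "not IPv4-over-Ethernet ARP"
    if eth_src != sha:                       # requests and responses
        return "drop", "source MAC mismatch"
    if op == 2 and eth_dst != tha:           # responses only (assumed reading)
        return "drop", "destination MAC mismatch"
    if bad_ip(spa) or (op == 2 and bad_ip(tpa)):
        return "drop", "invalid IP address"
    ip = str(ipaddress.IPv4Address(spa))
    bound = arp_list.get(ip)                 # ARP Inspection List first
    if bound is None and dhcp_snooping:      # then DHCP Snooping Database
        bound = (dhcp_db or {}).get(ip)
    if bound is None:
        return "drop", "no binding"
    if bytes.fromhex(bound.replace(":", "")) != sha:
        return "drop", "binding mismatch"
    return "forward", "binding valid"

# Constructed sample tables: addresses and MACs are invented for the example.
ARP_LIST = {"192.0.2.10": "00:00:5e:00:53:0a"}
DHCP_DB = {"192.0.2.20": "00:00:5e:00:53:14"}
```

A real switch would also write each dropped packet to the ARP Inspection Log; here the reason string stands in for that log entry.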
