Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01

Chapter 26
Configuring Dynamic ARP Inspection

Finding Feature Information

Your software release may not support all the features documented in this chapter. For the latest feature
information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image
support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on
Cisco.com is not required.

Prerequisites for Dynamic ARP Inspection

Dynamic Address Resolution Protocol (ARP) inspection depends on the entries in the DHCP
snooping binding database to verify IP-to-MAC address bindings in incoming ARP requests and
ARP responses. Make sure to enable DHCP snooping to permit ARP packets that have dynamically
assigned IP addresses.
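
The binding check described above, as a simplified model added here for illustration (it is not Cisco's implementation and not code from this guide): each ARP packet's sender IP and sender MAC are compared with a binding table of the kind DHCP snooping builds. The names `inspect_arp`, `build_arp` and `BINDINGS`, and all addresses, are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample bindings, as DHCP snooping would learn them: (VLAN, IP) -> MAC.
BINDINGS = {
    (10, IPv4Address("192.0.2.10")): "00:00:5e:00:53:0a",
    (10, IPv4Address("192.0.2.20")): "00:00:5e:00:53:14",
}
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, SHA, SPA, THA, TPA
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes for Ethernet/IPv4 ARP

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build an Ethernet/IPv4 ARP payload (helper for constructing sample packets)."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       to_mac(sender_mac), IPv4Address(sender_ip).packed,
                       to_mac(target_mac), IPv4Address(target_ip).packed)

def inspect_arp(vlan: int, payload: bytes, bindings=BINDINGS):
    """Return (verdict, reason) for one ARP request or reply received on `vlan`."""
    if len(payload) < ARP_LEN:
        return "drop", "truncated ARP payload"
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return "drop", "not an Ethernet/IPv4 ARP request or reply"
    sender_ip, sender_mac = IPv4Address(spa), mac_str(sha)
    bound_mac = bindings.get((vlan, sender_ip))
    if bound_mac is None:
        # Without a binding (for example, DHCP snooping not enabled) nothing can be verified.
        return "drop", f"no binding for {sender_ip} in VLAN {vlan}"
    if bound_mac != sender_mac:
        return "drop", f"{sender_ip} is bound to {bound_mac}, packet claims {sender_mac}"
    return "permit", f"{sender_ip} -> {sender_mac} matches binding"

if __name__ == "__main__":
    samples = {  # constructed ARP replies seen on VLAN 10
        "valid": build_arp(2, "00:00:5e:00:53:0a", "192.0.2.10",
                           "00:00:5e:00:53:14", "192.0.2.20"),
        "wrong MAC": build_arp(2, "00:00:5e:00:53:ff", "192.0.2.10",
                               "00:00:5e:00:53:14", "192.0.2.20"),
        "unknown IP": build_arp(2, "00:00:5e:00:53:ff", "192.0.2.99",
                                "00:00:5e:00:53:14", "192.0.2.20"),
    }
    for name, pkt in samples.items():
        print(name, inspect_arp(10, pkt))
```

The "no binding" branch shows why the prerequisite matters: a host with a dynamically assigned address that is missing from the binding table has its ARP packets dropped even though they are legitimate.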

Restrictions for Dynamic ARP Inspection

To use this feature, the switch must be running the LAN Base image.

Information About Dynamic ARP Inspection

Dynamic ARP Inspection

Dynamic ARP inspection (DAI) helps prevent malicious attacks on the switch by not relaying invalid
ARP requests and responses to other ports in the same VLAN.

ARP provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC
address. For example, Host B wants to send information to Host A but does not have the MAC address
of Host A in its ARP cache. Host B generates a broadcast message for all hosts within the broadcast
domain to obtain the MAC address associated with the IP address of Host A. All hosts within the
broadcast domain receive the ARP request, and Host A responds with its MAC address. However,