Enhancements
Release M.10.35 Enhancements
Release M.10.35 includes the following enhancement:
■ Enhancement (PR_1000419928) — The Dynamic ARP Protection feature was added.
Dynamic ARP Protection
Introduction
On the VLAN interfaces of a routing switch, dynamic ARP protection ensures that only valid ARP requests and responses are relayed or used to update the local ARP cache. ARP packets with invalid
ARP requests are ordinarily broadcast and received by all devices in a broadcast domain. Most ARP devices update their
Because ARP allows a node to update its cache entries on other systems by broadcasting or unicasting a gratuitous ARP reply, an attacker can send his own
Another way in which the ARP cache of known IP addresses and associated MAC addresses can be poisoned is through unsolicited ARP responses. For example, an attacker can associate the IP address of the network gateway with the MAC address of a network node. In this way, all outgoing traffic is prevented from leaving the network because the node does not have access to outside networks. As a result, the node is overwhelmed by outgoing traffic destined to another network.
Dynamic ARP protection is designed to protect your network against ARP poisoning attacks in the following ways:
■ Allows you to differentiate between trusted and untrusted ports.
■ Intercepts all ARP requests and responses on untrusted ports before forwarding them.
■ Verifies
• If a binding is valid, the switch updates its local ARP cache and forwards the packet.
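The trusted/untrusted check listed above, modelled in Python as an added example (not code from this release note or from the switch software). The binding table, port numbers and addresses are constructed sample data; that the binding is a sender IP-to-MAC pair and that trusted ports skip the check are assumptions of the model.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ArpPacket:
    op: str          # "request" or "reply"
    sender_ip: str
    sender_mac: str


@dataclass
class ArpProtectModel:
    """Toy model of dynamic ARP protection on one VLAN (assumed behaviour)."""
    trusted_ports: set
    bindings: dict                      # assumed table: IP address -> MAC address
    arp_cache: dict = field(default_factory=dict)
    dropped: list = field(default_factory=list)

    def receive(self, port, pkt):
        """Return 'forward' or 'drop' for an ARP packet arriving on `port`."""
        if port not in self.trusted_ports:
            # Untrusted port: intercept and verify the sender binding first.
            expected = self.bindings.get(pkt.sender_ip)
            if expected is None or expected.lower() != pkt.sender_mac.lower():
                self.dropped.append((port, pkt))   # retained for logging/alerting
                return "drop"
        # Valid binding (or trusted port): update the local cache and forward.
        self.arp_cache[pkt.sender_ip] = pkt.sender_mac.lower()
        return "forward"


def demo():
    """Run constructed traffic, including a reply that claims the gateway IP."""
    sw = ArpProtectModel(
        trusted_ports={1},                              # port 1: uplink to gateway
        bindings={"192.0.2.1": "00:00:5e:00:53:01",     # gateway
                  "192.0.2.20": "00:00:5e:00:53:14"},   # ordinary host
    )
    events = [
        (5, ArpPacket("request", "192.0.2.20", "00:00:5E:00:53:14")),  # valid host
        (7, ArpPacket("reply", "192.0.2.1", "00:00:5e:00:53:66")),     # wrong MAC for gateway IP
        (7, ArpPacket("reply", "192.0.2.99", "00:00:5e:00:53:66")),    # no binding at all
        (1, ArpPacket("reply", "192.0.2.1", "00:00:5e:00:53:01")),     # trusted uplink
    ]
    return sw, [sw.receive(port, pkt) for port, pkt in events]


if __name__ == "__main__":
    switch, verdicts = demo()
    print(verdicts, switch.arp_cache, len(switch.dropped))
```

The unsolicited reply on port 7 that maps the gateway IP to a different MAC never reaches the cache, so the gateway entry learned from the trusted uplink stays intact.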