Cisco Systems SRW248G4PK9NA User Manual
Security
Dynamic ARP Inspection
353
Cisco Small Business 300 Series Managed Switch Administration Guide
17
-
No Snoop VLAN—DHCP Snooping is not enabled on the VLAN.
-
Trusted Port—Port has become trusted.
-
Resource Problem—TCAM resources are exhausted.
To see a subset of these entries, enter the relevant search criteria and click Go.
Dynamic ARP Inspection
ARP enables IP communication within a Layer 2 Broadcast domain by mapping IP
addresses to a MAC addresses.
addresses to a MAC addresses.
A malicious user can attack hosts, switches, and routers connected to a Layer 2
network by poisoning the ARP caches of systems connected to the subnet and by
intercepting traffic intended for other hosts on the subnet. This can happen
because ARP allows a gratuitous reply from a host even if an ARP request was not
received. After the attack, all traffic from the device under attack flows through the
attacker's computer and then to the router, switch, or host.
network by poisoning the ARP caches of systems connected to the subnet and by
intercepting traffic intended for other hosts on the subnet. This can happen
because ARP allows a gratuitous reply from a host even if an ARP request was not
received. After the attack, all traffic from the device under attack flows through the
attacker's computer and then to the router, switch, or host.
The following shows an example of ARP cache poisoning.
ARP Cache Poisoning