DELL N3000 User Manual
Snooping and Inspecting Traffic
879
27
Snooping and Inspecting Traffic
This chapter describes Dynamic Host Configuration Protocol (DHCP)
Snooping, IP Source Guard (IPSG), and Dynamic ARP Inspection (DAI),
which are layer 2 security features that examine traffic to help prevent
accidental and malicious attacks on the switch or network.
The topics covered in this chapter include:
The topics covered in this chapter include:
• Traffic Snooping and Inspection Overview
• Default Traffic Snooping and Inspection Values
• Configuring Traffic Snooping and Inspection (Web)
• Configuring Traffic Snooping and Inspection (CLI)
• Traffic Snooping and Inspection Configuration Examples
• Default Traffic Snooping and Inspection Values
• Configuring Traffic Snooping and Inspection (Web)
• Configuring Traffic Snooping and Inspection (CLI)
• Traffic Snooping and Inspection Configuration Examples
Traffic Snooping and Inspection Overview
DHCP Snooping is a security feature that monitors DHCP messages between
a DHCP client and DHCP server to filter harmful DHCP messages and to
build a bindings database. The IPSG and DAI features use the DHCP
Snooping bindings database to help enforce switch and network security.
IP Source Guard allows the switch to drop incoming packets that do not
IP Source Guard allows the switch to drop incoming packets that do not
match a binding in the bindings database. Dynamic ARP Inspection allows
the switch to drop ARP packets whose sender MAC address and sender IP
address do not match an entry in the DHCP snooping bindings database.
DHCP Snooping and IPSG are supported for both IPv4 and IPv6. DAI is
DHCP Snooping and IPSG are supported for both IPv4 and IPv6. DAI is
supported for IPv4 only, as IPv6 does not use ARP.