DELL 8132 ユーザーズマニュアル

Dynamic ARP Inspection Commands

Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and 

malicious ARP packets. The feature prevents a class of man-in-the-middle 

attacks, where an unfriendly station intercepts traffic for other stations by 

poisoning the ARP caches of its neighbors. The miscreant sends ARP requests 

or responses mapping another station IP address to its own MAC address.
DAI drops ARP packets whose sender MAC address and sender IP address do 

not match an entry in the DHCP Snooping bindings database.

This chapter explains the following commands:

Use the arp access-list command to create an ARP ACL. It will place the user 

in ARP ACL Configuration mode. Use the “no” form of this command to 

delete an ARP ACL.

arp access-list 

acl-name

no arp access-list 

acl-name

•

acl-name — A valid ARP ACL name (Range: 1–31 characters).

–

2CSPC4.X8100-SWUM102.book  Page 375  Friday, March 15, 2013  8:56 AM