Understanding IP Source Guard & Dynamic ARP Inspection from The Broadcast Storm, with Kevin Wallace, CCIEx2 #7945 Emeritus

The Broadcast Storm, with Kevin Wallace, CCIEx2 #7945 Emeritus

Kevin Wallace, CCIEx2 #7945 Emeritus (Enterprise Infrastructure and Collabo

Episodes

Understanding IP Source Guard & Dynamic ARP Inspection

9 minutes Posted Dec 1, 2018 at 9:00 am.

0:00

9:21

Download MP3

Share at current time

Show notes

Sign up for Kevin's live and online "CCNP R/S SWITCH (300-115) Crash Course," being conducted Dec. 17, 18, & 19, 2018 with the following link:

http://bit.ly/switch-dec-18

In this episode of "The Broadcast Storm," you'll learn how to build on the DHCP Snooping configuration (covered in the last episode) to protect your network from IP spoofing (originating on a local subnet) and a gratuitous ARP man-in-the-middle attack.

As promised in this episode, here's are sample configurations for both IP Source Guard and Dynamic ARP Inspection:

IP SOURCE GUARD EXAMPLE:

SW1# conf term

SW1(config)#int range fa 0/2-24

SW1(config-if-range)#ip verify source

SW1(config-if-range)#end

SW1#

DYNAMIC ARP INSPECTION EXAMPLE:

SW1# conf term

SW1(config)#ip arp inspection vlan 1

SW1(config)#int gig 0/1

SW1(config-if)#ip arp inspection trust

SW1(config-if)#int range fa 1/0/13-14

SW1(config-if-range)#ip arp inspection trust

SW1(config-if-range)#end

SW1#

← See all 100 episodes of The Broadcast Storm, with Kevin Wallace, CCIEx2 #7945 Emeritus