From: wim.depauw@getronics.com
Date: Mon Dec 17 2007 - 16:54:42 ART
Hi,
I'm doing some tests with the above features but I'm a little bit confused .
Too my understanding :
IP source guard will make sure that your relationship mac-address - IP address is correct . This is checked either in dhcp database or via ip source binding command . Also it is configured under an interface with the command ip verify source
Dynamic arp inspection will make sure that you don't have a man in the middel attack so it will also check the IP address- mac address relationship
This is configured globally per vlan and possible also with static ARP ACL for
non-dhcp environments.
So in the end they do the same thing but on a different way . Am I correct or am I missing something ?
WHat about the lab ? Go see the proctor ?
Personally I would choose the dynamic arp inspection because you can configure it globally ....
gr
wim
This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:31 ARST