Well.......I just wanted you guys to know that you DON'T need to enable DHCP
snooping to get DAI to work, whereas, you need to enable DHCP Snooping to
get "IP Verify source" to work, both of them are extensions to DHCP
Snooping.
BTW with static option, you need to write an Access-list, actually an ARP
access-list.
On Thu, Apr 16, 2009 at 8:22 AM, Nadeem Ansari
<nadeem.ansari574_at_gmail.com>wrote:
> Narbik,
>
> But have to add static ARP mapping to interfaces if "Static" is selected,
> for scalability DHCP Snooping should be used as it maps dynamically using
> DHCP Snoop table
>
> Regards
> Nadeem
>
> On Wed, Apr 15, 2009 at 7:05 PM, Narbik Kocharians <narbikk_at_gmail.com>wrote:
>
>> With DAI, if configured with "static" keyword you won't even have to
>> enable
>> DHCP snooping. Its pretty good. Don't forget to configure "Arp
>> Access-list"
>> if DHCP snooping is NOT enabled.
>>
>> On Wed, Apr 15, 2009 at 6:26 AM, Sadiq Yakasai <sadiqtanko_at_gmail.com>
>> wrote:
>>
>> > True. It works in conjunction with DHCP Snooping.
>> >
>> > On Wed, Apr 15, 2009 at 2:18 PM, Joe Astorino <joe_astorino_at_comcast.net
>> > >wrote:
>> >
>> > > check out dynamic ARP inspection.
>> > >
>> > >
>> > >
>> > > "He not busy being born is busy dying" -- Dylan
>> > >
>> > > -----BEGIN PGP PUBLIC KEY BLOCK-----
>> > > Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0
>> > >
>> > > mQGiBEY2qu8RBAD0E7Ydspmpn9/rRfd614pvDaqj4GKAUeWpc8NNJ3xNU9C5TAKg
>> > > Ta/52f2DvxgPlw6m7W66AJP0HZODw2ameQ9tNMrz3upKRA+ISFaqkJa99UOTdLGC
>> > > W/HtHWZNUJDopBHm3j/TBAAhI0EWvcNIudbHx5zYY4osfDNMaIXYaySwIwCg61Db
>> > > RuST/K0PlSUFK9o6AqTmrcsD/ReQLYK/OEzZBQsPBqMD68ADtdYyIA3VZ7nhWCzc
>> > > YODiBl36XIskcwyVAnU9YXs/Hf96MfI1R2fvYGW8jJ4WHb3wT1JxgiUG4rUbA2L3
>> > > doxNseggGrKC31njFynVuOpdd/TRfsqzV3Yv5MGFPkNG3w/AoiRtwoMZFUtAox3j
>> > > EWbBA/4mYkTKS/Rfgpv7QQHj4ajCHsTL/JNSN8LARwbBomUFdJ+0xdNdr7Ax1zC4
>> > > FEUfP0plRMLMypKPSNYzlIF8dKGwW2I8hUMfQpmIBA4BXBE0/mbv21lU2AzTkvb1
>> > > FssbIzhCkx3mMzESgYIwnnNkJBatTfFqKOxGm//G7s2y1eFPsrQnSm9lIEFzdG9y
>> > > aW5vIDxqb2VfYXN0b3Jpbm9AY29tY2FzdC5uZXQ+iGAEExECACAFAkY2qu8CGwMG
>> > > CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAb4dzwEzSi9chbAKCTz89zl4etDIdD
>> > > Hewo7LNEmfT8uQCgmbneQqTT5VyIEx75nG5KzJh2K2m5Ag0ERjaq7xAIALgM2fwR
>> > > tuhRNrwvkYFXTA5grAnnhGqFXPfLt5YlU86QLdu3Z9WJcAAHck1HMCUxdm0gZyNu
>> > > q5XQnmr76dbWjftQ+mxYAdhZGjjGV1OQyjfyUoLbxyR0jvaLUTFvMmtxFsHpJvEc
>> > > VLscWZUvjPbpcg/BH8EWbDUSCJc70EZMW6TpjyL+1Eq6+n4KB+IWDnn603U3vYFj
>> > > ExVfg2CqTIzC/mxAGQ/lg1ujKBnL/VemGpjZzL8jyYVLhAtASTWnwuaL1Sf2kCYh
>> > > fApP+06YxkQ39BrJmi7Dg6s5zeRu4le57kPLVAGK0ZYRbaq5asAi9Ni5j/ZLdh/b
>> > > F3oUgAOTPQtqbi8AAwUH/1n9jpOXRX7LsfsI5K4gVhHYPUYuy5WuRRxJZ6Y1JbOq
>> > > UfePLg+cutaxE8RAvEY1VZvNTvEt7UYPoA3qR3lb4IzLqJimbbKGhhVdHIOYLGnz
>> > > nxiwfo4S+my9GEYKLb3iHIR1DCfihhDryVlFYGAMCPNh0w2sNSSenP4cZBuD6V1J
>> > > QLitW9aZoURMvtFYU8aO/BlZ7hVlRVNU5juwwAM5t2n2gBeRhMthaAR7OApDypvB
>> > > 1TM+BeSDchieEAFNkX4leSMbFgP3CJmAXMJXKj8MQmsR8gdccUHGplGFI6IzNklm
>> > > L/eWLdhAZsM+LsAo4MpoJzPoQyFIH7wmIPm4b/z7YZmISQQYEQIACQUCRjaq7wIb
>> > > DAAKCRAb4dzwEzSi9XiWAKCdDtdnTW9X/6rHxQL/obNiZsEtEwCgrlmYisNacJyf
>> > > 74k/eLaYWYqu7YI=
>> > > =8HMA
>> > > -----END PGP PUBLIC KEY BLOCK-----
>> > >
>> > > ----- Original Message -----
>> > > From: "Jimmy" <cciebase_at_gmail.com>
>> > > To: "Cisco certification" <ccielab_at_groupstudy.com>
>> > > Sent: Wednesday, April 15, 2009 9:02:52 AM GMT -05:00 US/Canada
>> Eastern
>> > > Subject: about arp
>> > >
>> > > Hi,every experts:
>> > >
>> > >
>> > > Thers is a feature can prevent arp attack (cisco only). but i forgot
>> the
>> > > name ,who know that ?
>> > >
>> > >
>> > > kind regards
>> > >
>> > >
>> > > Blogs and organic groups at http://www.ccie.net
>> > >
>> > >
>> _______________________________________________________________________
>> > > Subscription information may be found at:
>> > > http://www.groupstudy.com/list/CCIELab.html
>> > >
>> > >
>> > > Blogs and organic groups at http://www.ccie.net
>> > >
>> > >
>> _______________________________________________________________________
>> > > Subscription information may be found at:
>> > > http://www.groupstudy.com/list/CCIELab.html
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> >
>> >
>> > --
>> > CCIE #19963
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>
>> --
>> Narbik Kocharians
>> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
>> www.MicronicsTraining.com <http://www.micronicstraining.com/>
>> www.Net-Workbooks.com <http://www.net-workbooks.com/>
>> Sr. Technical Instructor
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
-- Narbik Kocharians CCSI#30832, CCIE# 12410 (R&S, SP, Security) www.MicronicsTraining.com www.Net-Workbooks.com Sr. Technical Instructor Blogs and organic groups at http://www.ccie.netReceived on Thu Apr 16 2009 - 08:36:28 ART
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:12 ART