What does the global configuration command ip arp inspection vlan 10-12, 15 accomplish?

What does the global configuration command ip arp inspection vlan 10-12, 15 accomplish?

What does the global configuration command ip arp inspection vlan 10-12, 15 accomplish?

A.
validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15

B.
intercepts all ARP requests and responses on trusted ports

C.
intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings

D.
discards ARP packets with invalid IP-to-MAC address bindings on trusted ports

Explanation:
The function of DAI is:
+ Intercepts all ARP requests and responses on untrusted ports
+ Verifies that each of these intercepted packets has a valid IP-to-MAC address
binding before updating the local ARP cache or before forwarding the packet to the
appropriate destination
+ Drops invalid ARP packets
On untrusted ports, the switch captures all ARP packets (both request and reply) and then
validates the Source Protocol and Source Hardware address values against the snooping
table database for that port.
If the MAC address and IP address and the corresponding port do not match the snooping
database entry, the ARP packets are dropped. DAI thus prevents the node from specifying a
non-legitimate IP-MAC address binding which differs from what was given by the DHCP server.



Leave a Reply 0

Your email address will not be published. Required fields are marked *