Scribd Logo
Upload

Welcome to Scribd!

  • ARP, DAI, IP Source Guard

    Uploaded by

    Jack Cord
    6 views11 pages

    Original Title

    10. ARP, DAI, IP Source Guard

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views11 pages

    ARP, DAI, IP Source Guard

    Uploaded by

    Jack Cord

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 11

    ARP

    ARP Request A FFFF.FFFF.FFFF

    ARP Reply G A

    Gratuitous ARP G FFFF.FFFF.FFFF

    f0/0 f0/1
    A G H B
    10.0.0.2
    10.0.0.3
    10.0.0.1 20.0.0.1

    Data 10.0.0.1 Data


    10.0.0.2 10.0.0.2
    A G 10.0.0.1 G A
    C:\> ping 10.0.0.2

    ARP Table
    10.0.0.2
    10.0.0.3 G
    R1# clear arp-cache 20.0.0.1
    Default Gateway
    R1# clear arp-cache interface f0/0
    R1# clear ip arp 20.0.0.1
    R1# show arp
    Protocol Address Age(min) Hardware Addr Type Interface
    Internet 20.0.0.1 - c200.07c4.0000 ARPA F0/1
    R# ping 20.0.0.1
    ARP Cache !!!!!
    ARP resolution .!!!!

    f0/0 f0/1
    A G H B
    10.0.0.2
    10.0.0.1 20.0.0.1

    Data 10.0.0.1 Data


    20.0.0.1 10.0.0.1
    A G 20.0.0.1 H
    A B
    G
    C:\> ping 20.0.0.1
    Default Gateway: 10.0.0.2
    ARP
    A B

    10.0.0.1 10.0.0.1

    NAT

    Internet

    NAT# show arp


    Protocol Address Age(min) Hardware Addr Type Interface
    Internet 10.0.0.1 - 0000.0000.000A
    0000.0000.000B ARPA F0/1
    192.168.2.0/24

    192.168.1.0/24 192.168.3.0/24
    Gratuitous ARP
    B B
    Gratuitous ARP
    0s
    2s
    4s B B

    B B

    A
    ARP poison
    ARP Table ARP Table
    10.0.0.2 B
    H 10.0.0.1 A
    H

    A B

    10.0.0.1 10.0.0.2
    10.0.0.1 10.0.0.2 A H 10.0.0.2 10.0.0.1 B H
    10.0.0.2 - H 10.0.0.1 - H
    A B

    Gratuitous ARP
    Dynamic ARP Inspection
    ARP Table ARP Table
    10.0.0.2 B 10.0.0.1 A

    Sw(config)# ip dhcp snooping


    A ip dhcp snooping vlan 1 B
    Sw(config)#
    Sw(config)# ip arp inspection filter vlan 1
    10.0.0.1
    Sw(config)# 10.0.0.2src-mac ip
    ip arp inspection validate

    10.0.0.2 - H 10.0.0.1 - H
    ARP Reply ARP Reply

    MAC H 10.0.0.3 f0/3 VLAN 1


    Sw(config)#
    Sw(config-if)#
    show ip dhcparp
    snooping
    ip
    access-list
    arp binding
    inspection
    abc trust
    show ip arp inspection
    Sw(config-arp-acl)# permit
    interfaces
    ip host 10.0.0.3 mac host MAC_H
    show ip arp inspection vlan 10
    clear ip arpip
    Sw(config)# inspection 10.0.0.3
    arp inspection filter abc vlan 1
    show interface
    Sw(config)# ip status
    arp inspection
    err-disabled
    validate
    H src-mac ip

    Gratuitous ARP
    IP Source Guard

    A B

    10.0.0.1 10.0.0.2
    Sw# show ip verify source [interface f0/1]
    Sw# show ip source binding Segment 10.0.0.1 10.0.0.2

    Sw(config)# ip dhcp snooping


    Sw(config)# ip dhcp snooping vlan 1
    MAC H 10.0.0.3 f0/3 VLAN 1
    S(config-if)#
    Sw(config-if)#switchport
    switchportmode
    modeaccess
    access
    S(config-if)#
    Sw(config-if)#ip
    ipverify
    verifysource
    source port-security
    Sw(config-if)#
    S(config)# ip source
    switchport
    binding
    mode
    MAC_H
    access
    vlan 1 10.0.0.3 inteface f0/3
    10.0.0.3
    Sw(config-if)# switchport port-security
    H
    Sw(config-if)# switchport port-security maximum 1
    Sw(config-if)# switchport port-security mac-address MAC_H
    Echo Request
    Sw(config-if)# switchport port-security violation shutdown
    IP Source Guard

    A B

    10.0.0.1 10.0.0.2
    10.0.0.1

    MAC A 10.0.0.1 f0/1 VLAN 1

    DHCP

    Internet
    Routing Table

    10.0.0.0/8 via 20.0.0.1


    Proxy ARP 20.0.0.0/8 f0/0
    30.0.0.0/8 via f0/1

    R3 30.0.0.9 B
    Data 10.0.0.2 30.0.0.9 H G G
    t
    ues 20.0.0.3
    Re q
    10.0.0.0 ARP
    no ip proxy-arp
    .2 .1
    A R1 H
    f0/1
    ARP
    Re q
    u es
    t
    Routing Table
    R2
    10.0.0.0/8 f0/0
    20.0.0.0/8 f0/1 Routing Table
    20.0.0.3
    30.0.0.0/8 via f0/1
    10.0.0.0/8 via 20.0.0.1
    R1# show arp
    IP MAC Int 20.0.0.0/8 f0/0
    30.0.0.9
    20.0.0.3 G f0/1
    30.0.0.8 G f0/1
    30.0.0.7 G f0/1
    30.0.0.6 G f0/1
    Outbound Interface IP Next-hop

    Routing Table Routing Table

    30.0.0.0/24 f0/1 30.0.0.0/24 via 20.0.0.3

    R1# show arp R1# show arp


    30.0.0.3 MAC_R3 f0/1 20.0.0.3 MAC_R3 f0/1
    30.0.0.4 MAC_R3 f0/1
    30.0.0.5 MAC_R3 f0/1
    30.0.0.6 MAC_R3 f0/1
    30.0.0.7 MAC_R3 f0/1

    You might also like