
ARP, DAI, IP Source Guard

The document discusses Address Resolution Protocol (ARP) and how it works to resolve IP addresses to MAC addresses on local area networks. It provides examples of ARP requests and replies between devices, shows ARP cache entries, and describes how to clear the ARP cache. It also covers related topics like gratuitous ARP, ARP poisoning, dynamic ARP inspection, IP source guard, proxy ARP, and routing between networks using ARP.

Uploaded by Jack Cord

ARP

ARP Request A FFFF.FFFF.FFFF

ARP Reply G A

Gratuitous ARP G FFFF.FFFF.FFFF

f0/0 f0/1
A G H B
10.0.0.2
10.0.0.3
10.0.0.1 20.0.0.1

Data 10.0.0.1 Data


10.0.0.2 10.0.0.2
A G 10.0.0.1 G A
C:\> ping 10.0.0.2

ARP Table
10.0.0.2
10.0.0.3 G
R1# clear arp-cache 20.0.0.1
Default Gateway
R1# clear arp-cache interface f0/0
R1# clear ip arp 20.0.0.1
R1# show arp
Protocol Address Age(min) Hardware Addr Type Interface
Internet 20.0.0.1 - c200.07c4.0000 ARPA F0/1
R# ping 20.0.0.1
ARP Cache !!!!!
ARP resolution .!!!!

f0/0 f0/1
A G H B
10.0.0.2
10.0.0.1 20.0.0.1

Data 10.0.0.1 Data


20.0.0.1 10.0.0.1
A G 20.0.0.1 H
A B
G
C:\> ping 20.0.0.1
Default Gateway: 10.0.0.2
ARP
A B

10.0.0.1 10.0.0.1

NAT

Internet

NAT# show arp


Protocol Address Age(min) Hardware Addr Type Interface
Internet 10.0.0.1 - 0000.0000.000A
0000.0000.000B ARPA F0/1
192.168.2.0/24

192.168.1.0/24 192.168.3.0/24
Gratuitous ARP
B B
Gratuitous ARP
0s
2s
4s B B

B B

A
ARP poison
ARP Table ARP Table
10.0.0.2 B
H 10.0.0.1 A
H

A B

10.0.0.1 10.0.0.2
10.0.0.1 10.0.0.2 A H 10.0.0.2 10.0.0.1 B H
10.0.0.2 - H 10.0.0.1 - H
A B

Gratuitous ARP
Dynamic ARP Inspection
ARP Table ARP Table
10.0.0.2 B 10.0.0.1 A

Sw(config)# ip dhcp snooping
Sw(config)# ip dhcp snooping vlan 1
Sw(config)# ip arp inspection vlan 1
Sw(config)# ip arp inspection validate src-mac ip

A B
10.0.0.1 10.0.0.2

10.0.0.2 - H 10.0.0.1 - H
ARP Reply ARP Reply

MAC H 10.0.0.3 f0/3 VLAN 1


Sw(config)# arp access-list abc
Sw(config-arp-acl)# permit ip host 10.0.0.3 mac host MAC_H
Sw(config)# ip arp inspection filter abc vlan 1
Sw(config-if)# ip arp inspection trust
Sw(config)# ip arp inspection validate src-mac ip

show ip dhcp snooping binding
show ip arp inspection interfaces
show ip arp inspection vlan 10
show interface status err-disabled
clear ip arp inspection

H 10.0.0.3

Gratuitous ARP
IP Source Guard

A B

10.0.0.1 10.0.0.2
Sw# show ip verify source [interface f0/1]
Sw# show ip source binding

Segment 10.0.0.1 10.0.0.2

Sw(config)# ip dhcp snooping
Sw(config)# ip dhcp snooping vlan 1
Sw(config)# ip source binding MAC_H vlan 1 10.0.0.3 interface f0/3

MAC H 10.0.0.3 f0/3 VLAN 1

Sw(config-if)# switchport mode access
Sw(config-if)# ip verify source port-security

Sw(config-if)# switchport mode access
Sw(config-if)# switchport port-security
Sw(config-if)# switchport port-security maximum 1
Sw(config-if)# switchport port-security mac-address MAC_H
Sw(config-if)# switchport port-security violation shutdown

H 10.0.0.3
Echo Request
IP Source Guard

A B

10.0.0.1 10.0.0.2
10.0.0.1

MAC A 10.0.0.1 f0/1 VLAN 1

DHCP

Internet
Routing Table

10.0.0.0/8 via 20.0.0.1


Proxy ARP 20.0.0.0/8 f0/0
30.0.0.0/8 via f0/1

R3 30.0.0.9 B
Data 10.0.0.2 30.0.0.9 H G G
ARP Request
20.0.0.3
10.0.0.0
no ip proxy-arp
.2 .1
A R1 H
f0/1
ARP Request
Routing Table
R2
10.0.0.0/8 f0/0
20.0.0.0/8 f0/1 Routing Table
20.0.0.3
30.0.0.0/8 via f0/1
10.0.0.0/8 via 20.0.0.1
R1# show arp
IP MAC Int 20.0.0.0/8 f0/0
30.0.0.9
20.0.0.3 G f0/1
30.0.0.8 G f0/1
30.0.0.7 G f0/1
30.0.0.6 G f0/1
Outbound Interface IP Next-hop

Routing Table Routing Table

30.0.0.0/24 f0/1 30.0.0.0/24 via 20.0.0.3

R1# show arp R1# show arp


30.0.0.3 MAC_R3 f0/1 20.0.0.3 MAC_R3 f0/1
30.0.0.4 MAC_R3 f0/1
30.0.0.5 MAC_R3 f0/1
30.0.0.6 MAC_R3 f0/1
30.0.0.7 MAC_R3 f0/1
