Implement IP source guard and dynamic ARP inspection from DHCP snooping information

  • 6
  • Idea
  • Updated 5 years ago
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes

Posted 5 years ago

  • 6
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Nick,
Is there a specific problem you are trying to address with this request, or is this merely something you feel would be good to have in general?
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
The specific concern is mitigating common L2 attacks: ARP poisoning and to ensure that wireless clients are only able to use the IP address that is issued to them via DHCP and no other.

See the following video for reference (free sign-up required):
https://www.ciscolive365.com/connect/...

The problem, in my domain, is kids being able to ARP poison trivially without any thought or knowledge required, only intent.

http://www.ketv.com/MPS-Student-Hacks...