What Feature On Some Network Switches Can Be Used To Detect Faked ARP Messages?
What feature on some network switches can be used to detect faked ARP messages?
Answer: Dynamic ARP Inspection (DAI) is the switch feature that can be used to detect faked ARP messages.
Dynamic ARP Inspection is a security feature that validates ARP packets and drops those that are invalid or suspicious. It defends against a class of man-in-the-middle attacks in which one station intercepts another station's traffic by poisoning the ARP cache of a neighbour, which trusts ARP replies by design. The attacker sends an ARP request or reply that maps another station's IP address to the attacker's own physical (MAC) address.
DHCP snooping supports DAI: the switch listens to the DHCP message exchange and builds a database of valid (MAC address, IP address, VLAN, interface) tuples. With DAI enabled, if the sender MAC address and sender IP address of an ARP packet arriving on an untrusted port do not match an entry in the DHCP snooping database, the switch drops the packet. Hosts that use a static IP address never appear in the DHCP snooping database, so they must be covered by static mappings; a static mapping associates an IP address with a MAC address on a VLAN.
To configure DAI, the switch port has to be in VLAN 100. The command to enable DAI on VLAN 100 is:
Switch#conf t
Switch(config)#ip arp inspection vlan 100
The command to verify DAI status and the number of dropped packets is:
Switch#show ip arp inspection
DAI is processed by the switch CPU rather than by the switch ASIC, so an attacker who generates a large number of ARP messages can overload the CPU. This is prevented by rate-limiting the ARP packets that DAI must inspect on untrusted ports (Cisco switches default to 15 packets per second on untrusted ports and err-disable a port that exceeds its limit).
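The following is an added example, not code from the original answer or from any switch vendor: a small Python model of the DAI checks described above (DHCP snooping bindings, static mappings, trusted ports, the sender-MAC versus Ethernet-source-MAC check, and a per-port rate limit that err-disables the port). The port names, MAC addresses and IP addresses are constructed sample data, and the rate limit is counted over the whole run rather than per second, which is a simplification of what a real switch does.

```python
"""Toy model of Dynamic ARP Inspection (DAI). Constructed illustration only."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ArpPacket:
    port: str
    vlan: int
    eth_src: str      # source MAC in the Ethernet header
    sender_mac: str   # sender hardware address inside the ARP payload
    sender_ip: str    # sender protocol address inside the ARP payload


@dataclass
class DaiSwitch:
    inspected_vlans: set
    trusted_ports: set
    rate_limit: int = 15                              # packets per port (Cisco default: 15 pps)
    bindings: set = field(default_factory=set)        # (mac, ip, vlan) tuples
    counters: dict = field(default_factory=lambda: defaultdict(int))
    errdisabled: set = field(default_factory=set)
    dropped: int = 0                                  # what "show ip arp inspection" would report

    def learn_dhcp_ack(self, mac, ip, vlan):
        """DHCP snooping: a completed lease becomes a valid binding."""
        self.bindings.add((mac.lower(), ip, vlan))

    def add_static_binding(self, mac, ip, vlan):
        """Static mapping (ARP ACL) for a host that does not use DHCP."""
        self.bindings.add((mac.lower(), ip, vlan))

    def inspect(self, pkt):
        """Return 'forward' or a 'drop:<reason>' verdict and keep the drop counter."""
        verdict = self._check(pkt)
        if verdict != "forward":
            self.dropped += 1
        return verdict

    def _check(self, pkt):
        if pkt.port in self.errdisabled:
            return "drop:errdisabled"
        # DAI only inspects untrusted ports in VLANs where it is enabled.
        if pkt.vlan not in self.inspected_vlans or pkt.port in self.trusted_ports:
            return "forward"
        self.counters[pkt.port] += 1
        if self.counters[pkt.port] > self.rate_limit:
            self.errdisabled.add(pkt.port)            # protect the CPU from ARP floods
            return "drop:rate-limit"
        # Optional src-mac validation: frame source must match the ARP sender MAC.
        if pkt.eth_src.lower() != pkt.sender_mac.lower():
            return "drop:src-mac-mismatch"
        # Core check: sender MAC/IP must be a known binding on this VLAN.
        if (pkt.sender_mac.lower(), pkt.sender_ip, pkt.vlan) not in self.bindings:
            return "drop:no-binding"
        return "forward"


def run_scenario():
    """Constructed scenario: an attacker on Gi1/0/20 tries to poison the gateway entry."""
    sw = DaiSwitch(inspected_vlans={100}, trusted_ports={"Gi1/0/1"})  # Gi1/0/1 is the uplink
    gw, victim, atk = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:10", "aa:bb:cc:00:00:20"
    sw.learn_dhcp_ack(victim, "10.0.100.10", 100)   # victim obtained a lease
    sw.learn_dhcp_ack(atk, "10.0.100.20", 100)      # attacker also has a legitimate lease
    sw.add_static_binding(gw, "10.0.100.1", 100)    # gateway uses a static address

    out = {}
    # Attacker announcing its own lease: valid, forwarded.
    out["legit"] = sw.inspect(ArpPacket("Gi1/0/20", 100, atk, atk, "10.0.100.20"))
    # Attacker claiming the gateway IP with its own MAC: no such binding.
    out["spoofed_gateway"] = sw.inspect(ArpPacket("Gi1/0/20", 100, atk, atk, "10.0.100.1"))
    # Attacker forging the gateway MAC only inside the ARP payload.
    out["src_mac_mismatch"] = sw.inspect(ArpPacket("Gi1/0/20", 100, atk, gw, "10.0.100.1"))
    # Real gateway reply arriving on the trusted uplink: not inspected.
    out["gateway_from_uplink"] = sw.inspect(ArpPacket("Gi1/0/1", 100, gw, gw, "10.0.100.1"))
    # Flood of 20 spoofed replies: dropped individually until the rate limit err-disables the port.
    out["flood"] = [sw.inspect(ArpPacket("Gi1/0/20", 100, atk, atk, "10.0.100.1"))
                    for _ in range(20)]
    out["dropped"] = sw.dropped
    return out


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

The scenario shows why both halves matter: the binding database catches the spoofed reply, while the rate limit is what keeps the CPU-based inspection itself from becoming the attacker's target.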