
Dynamic ARP Inspection with no dhcp in environment

roliveira11

My question is in regards to Dynamic ARP Inspection. It was recommended that we enable it on our switches as part of the hardening process, but it uses the switch’s DHCP snooping database to allow ARP requests. As we do not use DHCP in the environment, it looks to me like I will have to manually add and remove the static IPs every time the environment is changed. Is there a better way to go about this? Basically we are looking for a control to help prevent ARP poisoning and IP spoofing on the network. We use Nexus switches attached to our VBlock, and there is no DHCP in the environment. 

 

Thanks in advance!

Accepted Solutions

Deepak Kumar

Hi,

I think we need DHCP enabled on the network, and it is a prerequisite for the same.

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!


There seems to be no way around it: if you want Dynamic ARP Inspection in an environment with no DHCP, you need to do manual work.

From the configuration guide, you still need the DHCP feature enabled, though.

“If you want DAI to use static IP-MAC address bindings to determine if ARP packets are valid, ensure that the DHCP snooping feature is enabled and that you have configured the static IP-MAC address bindings.”

Configuring Dynamic ARP Inspection
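
Because the static IP-MAC bindings have to be maintained by hand when there is no DHCP, one way to reduce that work is to keep them in an inventory and generate only the changes. The following is an added example, not part of the original thread or of Cisco's documentation; the inventory rows are constructed, and the `ip source binding` syntax is assumed to match the NX-OS release in use (check it against the configuration guide referenced above).

```python
import ipaddress
import re

# Constructed sample inventory (not from the thread): ip, mac, vlan, interface.
DESIRED = [
    ("10.0.10.11", "00:50:56:AA:BB:01", 10, "ethernet 1/1"),
    ("10.0.10.12", "0050.56aa.bb02", 10, "ethernet 1/2"),
]
# Constructed sample of the static bindings currently configured on the switch.
CURRENT = [
    ("10.0.10.11", "0050.56aa.bb01", 10, "ethernet 1/1"),
    ("10.0.10.99", "0050.56aa.bb63", 10, "ethernet 1/9"),
]

def norm_mac(mac):
    """Normalize colon, dash or dotted MAC notation to xxxx.xxxx.xxxx."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def norm_binding(ip, mac, vlan, intf):
    """Validate one inventory row and return it in canonical form."""
    ip = str(ipaddress.IPv4Address(ip))  # raises ValueError if malformed
    if not 1 <= int(vlan) <= 4094:
        raise ValueError(f"bad VLAN id: {vlan!r}")
    return (ip, norm_mac(mac), int(vlan), intf.strip().lower())

def plan(desired, current):
    """Return the config lines that turn `current` bindings into `desired`."""
    want = {norm_binding(*b) for b in desired}
    have = {norm_binding(*b) for b in current}
    # One IP mapped to two MACs in a VLAN is almost always an inventory
    # error; fail instead of emitting both bindings.
    seen = {}
    for ip, mac, vlan, _ in want:
        if seen.setdefault((ip, vlan), mac) != mac:
            raise ValueError(f"conflicting MACs for {ip} in VLAN {vlan}")
    fmt = "ip source binding {} {} vlan {} interface {}"
    removes = ["no " + fmt.format(*b) for b in sorted(have - want)]
    adds = [fmt.format(*b) for b in sorted(want - have)]
    return removes + adds  # stale entries are removed before new ones are added

if __name__ == "__main__":
    print("\n".join(plan(DESIRED, CURRENT)))
```

Reviewing the generated lines before applying them keeps a human check on every binding change, since a wrong or missing binding causes DAI to drop that host's ARP traffic.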

 

Thank you for the reply Hector! I really appreciate the validation!


Thank you for the confirmation Deepak!!