Dynamic ARP inspection

sharathkombathula · ‎09-01-2007

we want to enable dynamic arp inspection to disable ARP poisoning in our Local LAN. We are using cat 2960 series switches. I am unable to locate any commands relevant to DAI in cat 2960. we are using the latest software image.Appreciate if anyone can point us in the right direction

Thanks in Advance

mohammedmahmoud · ‎09-01-2007

Hi,

AFAIK, Dynamic ARP Inspection is not supported on the Catalyst 2960.

[edit] i've double checked and it is only supported on the Catalyst 6500/4500/3550/3560/3750, please use the feature navigator for checking.

HTH,

Mohammed Mahmoud.

sharathkombathula · ‎09-01-2007

Is there a way or a work around that I can try to stop ARP poisoning at switch level. I tried enabling port security but without any luck. Any help in this regard is greatly appreciated

Thanks in Advance

mohammedmahmoud · ‎09-01-2007

Hi,

With the 2960, your best bet is Port security:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2960/12240se/scg/swtrafc.htm#wp1038501

And benefit from the part stating that if a station with a secure MAC address configured or learned on one secure port attempts to access another secure port, a violation is flagged.

HTH,

Mohammed Mahmoud.

Joseph W. Doherty · ‎09-01-2007

Release Notes for the Catalyst 3750, 3560, 2970, and 2960 Switches, Cisco IOS Release 12.2(40)SE have, in table 7:

Dynamic ARP inspection (IP services image [formerly known as the EMI] only)

12.2(20)SE

3750 and 3560

If you have the IP service image, you could try the commands listed in: http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00808a9951.html