Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1646
Views
0
Helpful
1
Replies

Dynamic ARP Inspections on Wifi Routers?

Go to solution
Stanko Jankovic
Level 1
Level 1

‎04-08-2015 03:22 AM - edited ‎07-05-2021 02:52 AM

Is Dynamic ARP inspection possible to be done on wifi routers? I'm asking because I can't find any model with that feature. I would especially be interested in some cheaper models for home or small business use (maybe Linksys).

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎04-08-2015 03:08 PM

You could be better served posting this on the SOHO forum. Speaking to enterprise gear like the cisco WLC yes.

 

DAI for Wireless Access

The WLC protects against MIM attacks by performing a similar function as DAI on the WLC itself. DAI should not be enabled on the access switch for those VLANs connecting directly to the WLCs because the WLC uses GARP to support Layer 3 client roaming.

It is possible to enable DAI for each VLAN configured on a trunk between a FlexConnect and access point. Therefore, DAI is useful in wireless deployments where multiple SSIDs/VLANs exist on an FlexConnect. However, in an FlexConnect WLC deployment, there are two topologies that impact the effectiveness of the DAI feature. Both topologies assume that the attacker is associated to a FlexConnect WLC and is Layer 2-adjacent to the targets:

 

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ch4_Secu.html#pgfId-1019449

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

0 Helpful
1 Reply 1

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎04-08-2015 03:08 PM

You could be better served posting this on the SOHO forum. Speaking to enterprise gear like the cisco WLC yes.

 

DAI for Wireless Access

The WLC protects against MIM attacks by performing a similar function as DAI on the WLC itself. DAI should not be enabled on the access switch for those VLANs connecting directly to the WLCs because the WLC uses GARP to support Layer 3 client roaming.

It is possible to enable DAI for each VLAN configured on a trunk between a FlexConnect and access point. Therefore, DAI is useful in wireless deployments where multiple SSIDs/VLANs exist on an FlexConnect. However, in an FlexConnect WLC deployment, there are two topologies that impact the effectiveness of the DAI feature. Both topologies assume that the attacker is associated to a FlexConnect WLC and is Layer 2-adjacent to the targets:

 

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ch4_Secu.html#pgfId-1019449

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card