Also, ARP inspection uses the DHCP snooping binding table to check whether the IP address and MAC address of the PC connected to the port match an entry in that table. If they do not, the switch drops the ARP packet instead of forwarding it out of its interfaces.
Example
In this example, we first enable DHCP snooping and ARP inspection on the switch. After DHCP snooping has recorded the MAC address and IP address of the PC, we statically change the PC's IP address from 192.168.1.11 to 192.168.1.12 so that it no longer matches the DHCP snooping binding table. The log below shows the result.
Switch#sh ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
00:14:22:F9:B3:3D 192.168.1.11 86255 dhcp-snooping 10 FastEthernet0/7
Total number of bindings: 1
Switch#
After the PC's IP address is changed statically to 192.168.1.12, its ARP packets no longer match the DHCP snooping binding table, so they fail ARP inspection. The syslog reports this as DHCP_SNOOPING_DENY, and the PC cannot connect to the network.
Syslog message
20:35:05: ARP Packet (Fa0/7/10) Src: 0014.22f9.b33d, Dst: ffff.ffff.ffff, SM: 0014.22f9.b33d, SI: 192.168.1.12, TM: 0000.0000.0000, TI: 192.168.1.1
20:35:05: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/7, vlan 10.([0014.22f9.b33d/192.168.1.12/0000.0000.0000/192.168.1.1/20:35:05 UTC Mon Mar 1 1993])
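The check the switch performs above, as an added example that is not part of the original post: it parses the "show ip dhcp snooping binding" output and the "ARP Packet (...)" log line formats shown on this page, then applies the DAI rule that the sender MAC and IP of an ARP packet on an untrusted port must match a binding for that interface and VLAN. The Fa0/7/10 field is assumed to mean interface Fa0/7 on VLAN 10.

```python
import re

# Constructed sample input: the binding table and ARP log line from the page.
BINDING_OUTPUT = """\
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
00:14:22:F9:B3:3D 192.168.1.11 86255 dhcp-snooping 10 FastEthernet0/7
Total number of bindings: 1
"""
LOG_LINE = ("20:35:05: ARP Packet (Fa0/7/10) Src: 0014.22f9.b33d, Dst: ffff.ffff.ffff, "
            "SM: 0014.22f9.b33d, SI: 192.168.1.12, TM: 0000.0000.0000, TI: 192.168.1.1")
ARP_LOG = re.compile(r"ARP Packet \((\S+?)/(\d+)\) .*?SM: (\S+), SI: (\S+),")

def norm_mac(mac):
    """Normalise '00:14:22:F9:B3:3D' or '0014.22f9.b33d' to '001422f9b33d'."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def short_ifname(name):
    """Map 'FastEthernet0/7' to the abbreviated 'Fa0/7' form used in syslog."""
    return re.sub(r"^([A-Z][a-z])[A-Za-z]*", r"\1", name)

def parse_bindings(text):
    """Return {(interface, vlan): {(mac, ip), ...}} from the binding table output."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 6 and parts[3] == "dhcp-snooping":
            mac, ip, _lease, _type, vlan, intf = parts
            table.setdefault((short_ifname(intf), int(vlan)), set()).add((norm_mac(mac), ip))
    return table

def parse_arp_log(line):
    """Extract (interface, vlan, sender_mac, sender_ip) from an 'ARP Packet (...)' log line."""
    m = ARP_LOG.search(line)
    if not m:
        raise ValueError("not an ARP packet log line")
    intf, vlan, sender_mac, sender_ip = m.groups()
    return intf, int(vlan), sender_mac, sender_ip

def inspect_arp(bindings, interface, vlan, sender_mac, sender_ip, trusted=False):
    """DAI decision for one ARP packet: 'permit' or 'deny'. Trusted ports are not checked."""
    if trusted:
        return "permit"
    if (norm_mac(sender_mac), sender_ip) in bindings.get((interface, vlan), set()):
        return "permit"
    return "deny"

if __name__ == "__main__":
    bindings = parse_bindings(BINDING_OUTPUT)
    print(inspect_arp(bindings, *parse_arp_log(LOG_LINE)))  # deny: 192.168.1.12 has no binding
```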