...
| Table of Contents |
|---|
...
However, if ARP inspection is enabled in the VLAN with DHCP relay enabled, DHCP snooping is also required in this same VLAN for ARP inspection to work properly. The system uses the DHCP relay snooping table to generate ARP entries for ARP inspection.
...
- On Pica8 Switch, the interfaces ge-1/1/1 and ge-1/1/2 are in VLAN 2.
- Enable DHCP snooping on VLAN 2.
- Configure the interface connected to the DHCP server (ge-1/1/2) as the DHCP snooping trust interface.
- To prevent man-in-the-middle attacks and prevent the ARP table entries of legitimate users on the device being maliciously modified, enable ARP inspection in VLAN 2.
Figure 1 Dynamic ARP Inspection Network
Procedure
Step1 Configure VLAN.
...