Dynamic Host Configuration Protocol (DHCP) | 329Invalid ARP Replies : 0FTOS#Bypass the ARP InspectionYou can configure a port to skip ARP inspection by defining the interface as trusted, which is useful inmulti-switch environments. ARPs received on trusted ports bypass validation against the binding table. Allports are untrusted by default.Source Address ValidationUsing the DHCP binding table, FTOS can perform three types of source address validation (SAV):• IP Source Address Validation prevents IP spoofing by forwarding only IP packets that have beenvalidated against the DHCP binding table.• DHCP MAC Source Address Validation verifies a DHCP packet’s source hardware address matchesthe client hardware address field (CHADDR) in the payload.• IP+MAC Source Address Validation verifies that the IP source address and MAC source address are alegitimate pair.IP Source Address ValidationIP Source Address Validation (SAV) prevents IP spoofing by forwarding only IP packets that have beenvalidated against the DHCP binding table. A spoofed IP packet is one in which the IP source address isstrategically chosen to disguise the attacker. For example, using ARP spoofing an attacker can assume alegitimate client’s identity and receive traffic addressed to it. Then the attacker can spoof the client’s IPaddress to interact with other clients.Task Command Syntax Command ModeSpecify an interface as trusted so that ARPs are notvalidated against the binding table.arp inspection-trust INTERFACEFTOS Behavior: Introduced in FTOS version 8.2.1.0, Dynamic ARP Inspection (DAI) was available forLayer 3 only. FTOS version 8.2.1.1 extends DAI to Layer 2.