562 Dell PowerConnect 55xx Systems User GuideFILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\DellContax\CxUGSwitching_ARP.fmD E L L C O N F I D E N T I A L – P R E L I M I N A R Y 9 / 1 1 / 1 2 - F O R P R O O F O N LYDynamic ARP Inspection OverviewARP Inspection eliminates man-in-the-middle attacks, where false ARPpackets are inserted into the subnet. ARP requests and responses areinspected, and their MAC-address-to-IP-address binding is checked accordingto the ARP Inspection List defined by the user (in theDynamic ARPInspection List andDynamic ARP Inspection Entries pages). If the packet’s IPaddress was not found in the ARP Inspection List, and DHCP Snooping isenabled for a VLAN, a search of the DHCP Snooping database is performed.See "How DHCP Snooping Works" on page 574 for an explanation of theDHCP Snooping database. If the IP address is found the packet is valid, and isforwarded.Packets with invalid ARP Inspection bindings are logged and dropped.Ports are classified as follows:• Trusted — Packets are not inspected.• Untrusted —Packets are inspected as described above.The following additional validation checks may be configured by the user:• Source MAC — Compares the packet’s source MAC address in theEthernet header against the sender’s MAC address in the ARP request.This check is performed on both ARP requests and responses.• Destination MAC — Compares the packet’s destination MAC address inthe Ethernet header against the destination interface’s MAC address. Thischeck is performed for ARP responses.• IP Addresses — Compares the ARP body for invalid and unexpected IPaddresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicastaddresses.