To bypass the ARP inspection, use the following command.• Specify an interface as trusted so that ARPs are not validated against the binding table.INTERFACE modearp inspection-trustDynamic ARP inspection is supported on Layer 2 and Layer 3.Source Address ValidationUsing the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV).Table 25. Three Types of Source Address ValidationSource Address Validation DescriptionIP Source Address Validation Prevents IP spoofing by forwarding only IP packets that have beenvalidated against the DHCP binding table.DHCP MAC Source Address Validation Verifies a DHCP packet’s source hardware address matches theclient hardware address field (CHADDR) in the payload.IP+MAC Source Address Validation Verifies that the IP source address and MAC source address are alegitimate pair.Enabling IP Source Address ValidationIP source address validation (SAV) prevents IP spoofing by forwarding only IP packets that have been validated against the DHCP bindingtable.A spoofed IP packet is one in which the IP source address is strategically chosen to disguise the attacker. For example, using ARP spoofing,an attacker can assume a legitimate client’s identity and receive traffic addressed to it. Then the attacker can spoof the client’s IP addressto interact with other clients.The DHCP binding table associates addresses the DHCP servers assign with the port or the port channel interface on which the requestingclient is attached and the VLAN the client belongs to. When you enable IP source address validation on a port, the system verifies that thesource IP address is one that is associated with the incoming port and optionally that the client belongs to the permissible VLAN. If anattacker is impostering as a legitimate client, the source address appears on the wrong ingress port and the system drops the packet. If theIP address is fake, the address is not on the list of permissible addresses for the port and the packet is dropped. Similarly, if the IP addressdoes not belong to the permissible VLAN, the packet is dropped.To enable IP source address validation, use the following command.NOTE: If you enable IP source guard using the ip dhcp source-address-validation command and if there are moreentries in the current DHCP snooping binding table than the available CAM space, SAV may not be applied to all entries. Toensure that SAV is applied correctly to all entries, enable the ip dhcp source-address-validation command beforeadding entries to the binding table.• Enable IP source address validation.INTERFACE modeip dhcp source-address-validation• Enable IP source address validation with VLAN option.INTERFACE modeip dhcp source-address-validation vlan vlan-id312 Dynamic Host Configuration Protocol (DHCP)