The IAD (Dynamic ARP Inspection, DAI on Cisco switches) is used to protect us from ARP spoofing and man-in-the-middle attacks.
It is a security feature that validates ARP packets on our network.
If the IAD intercepts an ARP frame with an invalid IP-MAC combination, it will:
– Intercept the frame (intercept)
– Create an event (log)
– Drop the frame (discard)
The purpose of ARP spoofing is to poison the ARP tables of the equipment on our network in order to set up a man-in-the-middle.
Reminder: ARP table – the mapping between an IP address and a MAC address
Reminder: Man-in-the-middle – listening to network traffic without the users noticing
– Our VLAN 100 carries the 192.168.1.0/24 network
– Our hacker connects to a port of our switch and broadcasts:
IP 192.168.1.1 is me! This is my MAC address.
IP 192.168.1.2 is me! This is my MAC address.
IP 192.168.1.3 is me! This is my MAC address.
IP 192.168.1.254 is me! This is my MAC address.
Result: all frames circulating in our VLAN will be sent to the hacker …
Step 1: Activate the IAD on our VLANs
Switch(config)# ip arp inspection vlan 1-100,200,300
Step 2: Specify our trusted equipment
To do this, there are two methods:
– Method 1: mark the port of the trusted equipment as trusted (its ARP frames are not validated)
Switch(config)# interface GigabitEthernet 0/1
Switch(config-if)# ip arp inspection trust
– Method 2: validate the frames against an ARP access-list (a static IP-MAC binding)
Switch(config)# ip arp inspection vlan 100
Switch(config)# arp access-list Finger
Switch(config-arp-nacl)# permit ip host 192.168.1.1 mac host 1111.1111.1111
Switch(config-arp-nacl)# exit
Switch(config)# ip arp inspection filter Finger vlan 100
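To make the validation rule concrete, here is an added example (not from this article, and not Cisco code) that models what the IAD does with each ARP frame: frames on non-inspected VLANs or trusted ports are forwarded untouched, and frames on inspected VLANs are checked against the IP-MAC bindings. The binding for 192.168.1.1 is the ACL entry above; the other bindings, port names and sample frames are constructed for the demonstration.

```python
# Added example: a minimal model of Dynamic ARP Inspection (IAD/DAI) validation.
# All bindings except 192.168.1.1 and all sample frames are constructed data.
from dataclasses import dataclass

# VLANs from step 1: "ip arp inspection vlan 1-100,200,300"
INSPECTED_VLANS = set(range(1, 101)) | {200, 300}
# Method 1: "ip arp inspection trust" on GigabitEthernet 0/1 (constructed port name)
TRUSTED_PORTS = {"Gi0/1"}
# Method 2: ARP ACL "Finger" -> permit ip host 192.168.1.1 mac host 1111.1111.1111
# The other two bindings are constructed (e.g. learned from DHCP snooping).
BINDINGS = {
    "192.168.1.1": "1111.1111.1111",
    "192.168.1.2": "2222.2222.2222",
    "192.168.1.254": "aaaa.bbbb.cccc",
}

@dataclass
class ArpFrame:
    port: str        # ingress switch port
    vlan: int        # VLAN the frame arrived on
    sender_ip: str   # sender protocol address in the ARP payload
    sender_mac: str  # sender hardware address in the ARP payload

def inspect(frame: ArpFrame) -> tuple[str, str]:
    """Return (action, reason); action is 'forward' or 'drop'."""
    if frame.vlan not in INSPECTED_VLANS or frame.port in TRUSTED_PORTS:
        return "forward", "not inspected (untrusted VLAN check off or trusted port)"
    expected = BINDINGS.get(frame.sender_ip)
    if expected is None:
        return "drop", f"no binding for {frame.sender_ip}"
    if expected.lower() != frame.sender_mac.lower():
        return "drop", f"{frame.sender_ip} is bound to {expected}, got {frame.sender_mac}"
    return "forward", "IP-MAC binding matches"

def run(frames: list[ArpFrame]) -> list[str]:
    """Intercept, log dropped frames, and return the action taken per frame."""
    actions = []
    for f in frames:
        action, reason = inspect(f)
        if action == "drop":
            print(f"DAI event: dropped ARP on {f.port} vlan {f.vlan}: {reason}")
        actions.append(action)
    return actions

# Constructed sample: a host on Gi0/10 claims the gateway's and the server's IPs.
SAMPLE = [
    ArpFrame("Gi0/1", 100, "192.168.1.1", "1111.1111.1111"),     # trusted port
    ArpFrame("Gi0/5", 100, "192.168.1.2", "2222.2222.2222"),     # legitimate host
    ArpFrame("Gi0/10", 100, "192.168.1.254", "dead.beef.0001"),  # spoofed gateway
    ArpFrame("Gi0/10", 100, "192.168.1.1", "dead.beef.0001"),    # spoofed .1
    ArpFrame("Gi0/10", 500, "192.168.1.1", "dead.beef.0001"),    # VLAN not inspected
]
```

Run `run(SAMPLE)` to see the two spoofed frames logged and dropped while the trusted, legitimate and non-inspected frames are forwarded.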
Hoping this article has been helpful to you! Don't hesitate to let me know!!
This site has other networking articles; take the opportunity to browse the menu bar!