Dell M8024 Network Card User Manual


 
Introduction
Dynamic ARP Inspection
Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The
feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for
other stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP
requests or responses mapping another station's IP address to its own MAC address.
Dynamic ARP Inspection relies on DHCP Snooping.
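The check described above can be pictured as a lookup of each ARP packet's sender IP and MAC address in the bindings learned by DHCP Snooping. The following is an added example, not code from the manual or from the switch firmware. It is a simplified model, and the binding table contents, port labels, and function names are constructed for illustration.

```python
import socket
import struct

# Constructed DHCP snooping bindings: (vlan, ip) -> (mac, port).
# Addresses and port labels are sample values, not taken from the manual.
BINDINGS = {
    (10, "192.0.2.10"): ("00:11:22:33:44:55", "port1"),
    (10, "192.0.2.20"): ("00:11:22:33:44:66", "port2"),
}

def parse_arp(payload):
    """Parse an Ethernet/IPv4 ARP payload (28 bytes) into (oper, mac, ip)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = ":".join(f"{b:02x}" for b in sha)
    return (oper, mac, socket.inet_ntoa(spa))

def inspect(payload, vlan, port, bindings=BINDINGS):
    """Return (verdict, reason) for an ARP packet seen on vlan/port."""
    try:
        _oper, sender_mac, sender_ip = parse_arp(payload)
    except ValueError as exc:
        return ("drop", str(exc))
    binding = bindings.get((vlan, sender_ip))
    if binding is None:
        return ("drop", "no binding for sender IP")
    mac, bound_port = binding
    if sender_mac != mac:
        return ("drop", "sender MAC does not match binding")
    if port != bound_port:
        return ("drop", "arrived on a different port than the binding")
    return ("permit", "matches binding")

def build_arp(oper, sender_mac, sender_ip, target_ip):
    """Build a constructed sample ARP payload to feed the checker."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper, sha,
                       socket.inet_aton(sender_ip), b"\x00" * 6,
                       socket.inet_aton(target_ip))

if __name__ == "__main__":
    # Sender claims 192.0.2.20 but uses the MAC bound to 192.0.2.10.
    poisoned = build_arp(2, "00:11:22:33:44:55", "192.0.2.20", "192.0.2.10")
    print(inspect(poisoned, 10, "port1"))
```

A packet whose sender IP has no binding is dropped in this model, which is why the feature depends on DHCP Snooping having populated the table first.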
MLD Snooping
In IPv4, Layer 2 switches can use IGMP Snooping to limit the flooding of multicast traffic by
dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces
associated with an IP multicast address.
In IPv6, MLD snooping performs a similar function. With MLD snooping, IPv6 multicast data is
selectively forwarded to a list of ports intended to receive the data (instead of being flooded to all of the
ports in a VLAN). This list is constructed by snooping IPv6 multicast control packets.
IGMP Snooping
Internet Group Management Protocol (IGMP) Snooping is a feature that allows a switch to forward
multicast traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group.
Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255. Based
on the IGMP query and report messages, the switch forwards traffic only to the ports that request the
multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly affecting
network performance.
Port Mirroring
Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing
packets from up to four source ports to a monitoring port.
Broadcast Storm Control
When Layer 2 frames are forwarded, broadcast, unknown unicast, and multicast frames are flooded to all
ports on the relevant virtual local area network (VLAN). The flooding occupies bandwidth, and loads all
nodes connected on all ports. Storm control limits the amount of broadcast, unknown unicast, and
multicast frames accepted and forwarded by the switch.