Drag and Drop
Drag and drop each feature that can protect against DHCP attacks from the left onto the correct description on the right.
Select and Place:
Drag and Drop
Drag and drop each feature that can protect against DHCP attacks from the left onto the correct description on the right.
Select and Place:
DHCP snooping – block DHCP messages from untrusted sources
Dynamic ARP inspection (DAI) – verifies IP-to-MAC traffic on untrusted ports
IP source guard – provides Layer 2 interface security with port ACLs
Port Security – Mitigate Mac-address spoofin at the access interface
DAI depends on the entries in the DHCP snooping binding database to verify IP-to-MAC address bindings in incoming ARP requests and ARP responses
IP Source Guard
IP source guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host’s IP address. The feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts on untrusted Layer 2 access ports.
IP source guard is a port-based feature that automatically creates an implicit port access control list (PACL).