ARP Poisoning

An Address Resolution Protocol (ARP) poisoning attack, also known as ARP spoofing, targets the ARP caches of devices connected to the subnet, with the goal of intercepting traffic. A malicious host might use one of the following tactics:
If the poisoning succeeds, traffic intended for the device under attack is instead routed to the attacker computer. The attacker has various options:
Two features protect against ARP poisoning.
Table 1. Comparison of ARP Guard and DAI

| Aspect | DAI | ARP Guard |
|---|---|---|
| Flow-based | No. Applies to all VLAN ARP packets. | Flow-based, which can prevent high CPU load. |
| Per port | No. Applies to all VLAN ports. | Applied per port or VPLS end-point. |
| Rate-limiting | No rate-limiting option. | Rate limiting is supported. |
| TCAM load | Low TCAM load. | Medium TCAM load. |
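
To make the cache-targeting behaviour described at the top of this page concrete, the following added example (not part of the original page, and not how DAI or ARP Guard are implemented) parses ARP payloads in the RFC 826 Ethernet/IPv4 layout and flags any sender IP whose claimed MAC contradicts a trusted or previously seen binding. The function names, the trusted-binding table and the sample packets are assumptions constructed for illustration.

```python
import struct
from typing import Dict, List, Tuple

def parse_arp(payload: bytes) -> Tuple[int, str, str]:
    """Return (opcode, sender MAC, sender IP) from a 28-byte Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sender_mac = ":".join(f"{b:02x}" for b in payload[8:14])
    sender_ip = ".".join(str(b) for b in payload[14:18])
    return op, sender_mac, sender_ip

def find_binding_conflicts(payloads: List[bytes],
                           trusted: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (ip, expected_mac, claimed_mac) for every contradictory sender claim.

    Requests and replies are both checked, because receivers may update
    their ARP cache from the sender fields of either one.
    """
    bindings = dict(trusted)          # start from the trusted IP -> MAC table
    alerts = []
    for payload in payloads:
        try:
            _, mac, ip = parse_arp(payload)
        except ValueError:
            continue                  # malformed packets are ignored, never learned
        expected = bindings.setdefault(ip, mac)   # first sighting is learned
        if expected != mac:
            alerts.append((ip, expected, mac))
    return alerts

# Assumed trusted binding for the gateway (documentation IP and MAC ranges).
TRUSTED = {"192.0.2.1": "00:00:5e:00:53:01"}

# Constructed sample payloads, not captured traffic.
SAMPLES = [
    # reply: 192.0.2.1 is at 00:00:5e:00:53:01 (matches the trusted binding)
    bytes.fromhex("0001080006040002" "00005e005301" "c0000201" "00005e005310" "c000020a"),
    # request from 192.0.2.10 asking for 192.0.2.1 (new binding, learned)
    bytes.fromhex("0001080006040001" "00005e005310" "c000020a" "000000000000" "c0000201"),
    # reply claiming 192.0.2.1 is at 00:00:5e:00:53:66 (contradicts the trusted binding)
    bytes.fromhex("0001080006040002" "00005e005366" "c0000201" "00005e005310" "c000020a"),
    bytes.fromhex("00010800"),        # truncated payload, skipped
]

if __name__ == "__main__":
    for ip, expected, claimed in find_binding_conflicts(SAMPLES, TRUSTED):
        print(f"ALERT {ip}: expected {expected}, packet claims {claimed}")
```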