2 prevent arp spoofing configuration, Revent, Poofing configuration – PLANET WGSW-52040 User Manual

spoofing. ARP spoofing accesses normal network environment by counterfeiting legal IP

address firstly, and sends a great deal of counterfeited ARP application packets to switches,

after switches learn these packets, they will cover previously corrected IP, mapping of MAC

address, and then some corrected IP, MAC address mapping are modified to correspondence

relationship configured by attack packets so that the switch makes mistake on transfer packets,

and takes an effect on the whole network. Or the switches are made used of by vicious

attackers, and they intercept and capture packets transferred by switches or attack other

switches, host computers or network equipment.

What the essential method on preventing attack and spoofing switches based on ARP in

networks is to disable switch automatic update function; the cheater can’t modify corrected

MAC address in order to avoid wrong packets transfer and can’t obtain other information. At

one time, it doesn’t interrupt the automatic learning function of ARP. Thus it prevents ARP

spoofing and attack to a great extent.

28.2 Prevent ARP Spoofing configuration

The steps of preventing ARP spoofing configuration as below:

1. Disable ARP automatic update function

2. Disable ARP automatic learning function

3. Changing dynamic ARP to static ARP

1. Disable ARP automatic update function

Command Explanation

Global Mode and Port Mode

ip arp-security updateprotect

no ip arp-security updateprotect

Disable and enable ARP automatic update

function.

2. Disable ARP automatic learning function

Command Explanation

Global mode and Interface Mode

ip arp-security learnprotect

no ip arp-security learnprotect

Disable and enable ARP automatic learning

function.

28-24