Prevent ARP Spoofing Example – PLANET WGSW-52040 User Manual
3. Function on changing dynamic ARP to static ARP

Command                    Explanation
Global Mode and Port Mode
ip arp-security convert    Change dynamic ARP to static ARP.

28.3 Prevent ARP Spoofing Example
[Figure: network diagram showing the Switch and hosts A, B and C]
Equipment Explanation

Equipment   Configuration                              Quantity
switch      IP: 192.168.2.4; MAC: 00-00-00-00-00-04    1
A           IP: 192.168.2.1; MAC: 00-00-00-00-00-01    1
B           IP: 192.168.1.2; MAC: 00-00-00-00-00-02    1
C           IP: 192.168.2.3; MAC: 00-00-00-00-00-03    some

In the diagram above, B and C are communicating normally. A wants the switch to
forward the packets sent by B to A itself, so it needs the switch to send the packets
coming from B to A. First, A sends the switch an ARP reply packet of the form
192.168.2.3, 00-00-00-00-00-01, which maps A's own MAC address to C's IP address, so
the switch changes the entry for that IP address when it updates its ARP list. Data
packets for 192.168.2.3 are then sent to 00-00-00-00-00-01 (A's MAC address).
Next, A forwards the packets it receives to C by modifying the source and destination
addresses, so the data exchanged between B and C is received by A without either of
them noticing.
Because the ARP list is updated regularly, A must also keep sending ARP reply packets
to refresh the switch's ARP list.
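
The following Python code is an added example, not taken from the PLANET manual: it shows how a monitor holding static IP-to-MAC bindings can flag the forged ARP reply described above, including the repeated replies A sends to keep the entry refreshed. The function names, the binding table as a dictionary, and the sample frames are assumptions constructed for illustration; the addresses come from the equipment table.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, SHA, SPA, THA, TPA

# Assumed static bindings, using the host addresses from the equipment table.
STATIC_BINDINGS = {
    "192.168.2.1": "00-00-00-00-00-01",  # A
    "192.168.1.2": "00-00-00-00-00-02",  # B
    "192.168.2.3": "00-00-00-00-00-03",  # C
}

def arp_reply(sender_ip, sender_mac, target_ip, target_mac):
    """Build a 28-byte Ethernet/IPv4 ARP reply (opcode 2) as sample input."""
    mac = lambda m: bytes.fromhex(m.replace("-", ""))
    ip = lambda a: bytes(int(p) for p in a.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2, mac(sender_mac),
                       ip(sender_ip), mac(target_mac), ip(target_ip))

def parse_arp(payload):
    """Return (opcode, sender_ip, sender_mac); raise ValueError on bad input."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, ".".join(map(str, spa)), "-".join(f"{b:02x}" for b in sha)

def find_conflicts(payloads, bindings=STATIC_BINDINGS):
    """Count ARP replies whose sender IP is statically bound to another MAC."""
    conflicts = {}
    for payload in payloads:
        try:
            op, ip, mac = parse_arp(payload)
        except ValueError:
            continue  # malformed frame is skipped here
        bound = bindings.get(ip)
        if op == 2 and bound is not None and bound.lower() != mac:
            conflicts[(ip, mac)] = conflicts.get((ip, mac), 0) + 1
    return conflicts

# Constructed sample traffic addressed to the switch (192.168.2.4).
SW = ("192.168.2.4", "00-00-00-00-00-04")
SAMPLE = [
    arp_reply("192.168.2.3", "00-00-00-00-00-03", *SW),  # genuine reply from C
    arp_reply("192.168.2.3", "00-00-00-00-00-01", *SW),  # A claiming C's IP
    arp_reply("192.168.2.3", "00-00-00-00-00-01", *SW),  # A refreshing the entry
    arp_reply("192.168.1.2", "00-00-00-00-00-02", *SW),  # genuine reply from B
    b"\x00\x01\x08\x00",  # truncated frame
]
print(find_conflicts(SAMPLE))
```

A conflict count that keeps growing for the same IP and MAC pair corresponds to the continuous refresh described in the last paragraph.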