PLANET WGSW-52040 User Manual
Page 247
So it is very important to protect ARP list, configure to forbid ARP learning command in stable
environment, and then change all dynamic ARP to static ARP, the learned ARP will not be
refreshed, and protect for users.
Switch#config
Switch(config)#interface vlan 1
Switch(config-if-vlan1)#arp 192.168.2.1 00-00-00-00-00-01 interface ethernet 1/1
Switch(config-if-vlan1)#arp 192.168.2.2 00-00-00-00-00-02 interface ethernet 1/2
Switch(config-if-vlan1)#arp 192.168.2.3 00-00-00-00-00-03 interface ethernet 1/3
Switch(Config-If-Vlan3)#exit
Switch(Config)#ip arp-security learnprotect
Switch(Config)#
Switch(config)#ip arp-security convert
If the environment changing, it enable to forbid ARP refresh, once it learns ARP property, it
wont be refreshed by new ARP reply packet, and protect use data from sniffing.
Switch#config
Switch(config)#ip arp-security updateprotect
28-26