1 ip arp-security updateprotect, 2 ipv6 nd-security updateprotect, Ip arp – PLANET XGS3-24042 User Manual

21-9

Chapter 21 Commands for Preventing

ARP, ND Spoofing

21.1 ip arp-security updateprotect

Command:

ip arp-security updateprotect

no ip arp-security updateprotect

Function:

Forbid ARP table automatic update. The "no ip arp-security updateprotect” command re-enables

ARP table automatic update.

Default:

ARP table automatic update.

Command Mode:

Global Mode/ Interface configuration.

User Guide:

Forbid ARP table automatic update, the ARP packets conflicting with current ARP item (e.g. with

same IP but different MAC or port) will be dropped, the others will be received to update aging timer

or create a new item; so, the current ARP item keep unchanged and the new item can still be

learned.

Example:

Switch(Config-if-Vlan1)#ip arp-security updateprotect.

Switch(config)#ip arp-security updateprotect.

21.2 ipv6 nd-security updateprotect

Command:

ipv6 nd-security updateprotect

no ipv6 nd-security updateprotect

Function:

Forbid ND automatic update function of IPv6 Version, the “no ipv6 nd-security updateprotect”

command re-enables ND automatic update function.