TP-Link Omada ER8411 VPN Router User Manual

Configuring Firewall

Firewall Configuration

User Guide 111

1) In the

General

section, enable ARP Spoofing Defense globally. With this option enabled,

the router can protect its ARP table from being falsified by ARP spoofing packets.

2) Choose whether to enable the two sub functions.

Permit the packets matching

the IP-MAC Binding entries only

With this option enabled, when receiving a packet, the router

will check whether the IP address, MAC address and receiving

interface match any of the IP-MAC Binding entries. Only the

matched packets will be forwarded.

Send GARP packets when ARP

attack is detected

With this option enabled, the router will send GARP packets to the

hosts if it detects ARP spoofing packets on the network. The GARP

packets will inform the hosts of the correct ARP information, which

is used to replace the wrong ARP information in the hosts.

Interval

If the

Send GARP packets when ARP attack is detected

is

enabled, configure the time interval for sending GARP packets. The

valid values are from 1 to 10000 milliseconds.

3) Click

Save

.

Note:

Before enabling “Permit the packets matching the IP-MAC Binding entries only”, you should make

sure that your management host is in the IP-MAC Binding list. Otherwise, you cannot log in to the Web

management page of the router. If this happens, restore your router to factory defaults and then log in

using the default login credentials.