mac

Commands for Preventing ARP Spoofing

293

Chapter 23 Commands for Preventing

ARP Spoofing

23.1 ip arp-security updateprotect

Command: ip arp-security updateprotect

no ip arp-security updateprotect

Function: Forbid ARP table automatic update. The "no ip arp-security updateprotect”

command re-enables ARP table automatic update.

Parameter: None.

Default: ARP table automatic update.

Command Mode: Global Mode/ Interface configuration.

User Guide: Forbid ARP table automatic update, the ARP packets conflicting with

current ARP item (e.g. with same IP but different MAC or port) will be dropped, the others

will be received to update aging timer or create a new item; so, the current ARP item

keep unchanged and the new item can still be learned.

Example:

Switch(Config-if-Vlan1)#ip arp-security updateprotect.

Switch(config)#ip arp-security updateprotect

23.2 ipv6 nd-security updateprotect

This command is not supported by the switch.

23.3 ip arp-security learnprotect

Command: ip arp-security learnprotect

no ip arp-security learnprotect

Function: Forbid ARP learning function of IPv4 Version, the “no ip arp-security

learnprotect” command re-enables ARP learning function.

Parameter: None.

Default: ARP learning enabled.

Command Mode: Global Mode/ Interface Configuration.

Usage Guide: This command is for preventing the automatic learning and updating of

ARP. Unlike ip arp-security updateprotect, once this command implemented, there will