mac

Chapter 12 Commands for Preventing

ARP Spoofing

12.1 ip arp-security updateprotect

Command: ip arp-security updateprotect

no ip arp-security updateprotect

Function: Forbid ARP table automatic update. The "no ip arp-security updateprotect‖

command re-enables ARP table automatic update.

Parameter: None.

Default: ARP table automatic update.

Command Mode: Global Mode/ Interface configuration.

User Guide: Forbid ARP table automatic update, the ARP packets conflicting with current

ARP item (e.g. with same IP but different MAC or port) will be dropped, the others will be

received to update aging timer or create a new item; so, the current ARP item keep

unchanged and the new item can still be learned.

Example:

Switch(Config-if-Vlan1)#ip arp-security updateprotect.

Switch(config)#ip arp-security updateprotect

12.2 ipv6 nd-security updateprotect

This command is not supported by the switch.

12.3 ip arp-security learnprotect

Command: ip arp-security learnprotect

no ip arp-security learnprotect

Function: Forbid ARP learning function of IPv4 Version, the ―no ip arp-security

learnprotect‖ command re-enables ARP learning function.

Parameter: None.

Default: ARP learning enabled.

Command Mode: Global Mode/ Interface Configuration.

Usage Guide: This command is for preventing the automatic learning and updating of