Manual
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
216
and takes an effect on the whole network. Or the switches are made used of by vicious
attackers, and they intercept and capture packets transferred by switches or attack other
switches, host computers or network equipment.
What the essential method on preventing attack and spoofing switches based on ARP in
networks is to disable switch automatic update function; the cheater can’t modify corrected
MAC address in order to avoid wrong packets transfer and can’t obtain other information. At
one time, it doesn’t interrupt the automatic learning function of ARP. Thus it prevents ARP
spoofing and attack to a great extent.
26.2 Prevent ARP Spoofing configuration
The steps of preventing ARP spoofing configuration as below:
1. Disable ARP automatic update function
2. Disable ARP automatic learning function
3. Changing dynamic ARP to static ARP
1. Disable ARP automatic update function
Command
Explanation
Global Mode and Port Mode
ip arp-security updateprotect
no ip arp-security updateprotect
Disable and enable ARP automatic update function.
2. Disable ARP automatic learning function
Command
Explanation
Global mode and Interface Mode
ip arp-security learnprotect
no ip arp-security learnprotect
Disable and enable ARP automatic learning
function.
3. Function on changing dynamic ARP to static ARP
Command
Explanation
Global Mode and Port Mode
ip arp-security convert
Change dynamic ARP to static ARP.