TP-Link TL-R600VPN Configuration Manual page 101

Configuring Firewall
Follow the steps below to configure Anti ARP Spoofing rule:
1) In the General section, enable ARP Spoofing Defense globally. With this option enabled, the
router can protect its ARP table from being falsified by ARP spoofing packets.
2) Choose whether to enable the two sub functions.
Permit the packets matching
the IP-MAC Binding entries only
Send GARP packets when ARP
attack is detected
Interval
3) Click Save.
Note:
Before enabling "Permit the packets matching the IP-MAC Binding entries only", you should make
sure that your management host is in the IP-MAC Binding list. Otherwise, you cannot log in to the Web
management page of the router. If this happens, restore your router to factory defaults and then log in
using the default login credentials.
With this option enabled, when receiving a packet, the router
will check whether the IP address, MAC address and receiving
interface match any of the IP-MAC Binding entries. Only the
matched packets will be forwarded.
With this option enabled, the router will send GARP packets to the
hosts if it detects ARP spoofing packets on the network. The GARP
packets will inform the hosts of the correct ARP information, which
is used to replace the wrong ARP information in the hosts.
If the Send GARP packets when ARP attack is detected is
enabled, configure the time interval for sending GARP packets. The
valid values are from 1 to 10000 milliseconds.
Firewall Configuration
Configuration Guide 93