Arp Detect - TP-Link T3700G-52TQ User Manual

ARP Flooding Attack

The attacker broadcasts a mass of various fake ARP packets in a network segment to occupy
the network bandwidth viciously, which results in a dramatic slowdown of network speed.
Meantime, the Gateway learns the false IP address-to-MAC address mapping entries from
these ARP packets and updates its ARP table. As a result, the ARP table is fully occupied by the
false entries and unable to learn the ARP entries of legal Hosts, which causes that the legal
Hosts cannot access the external network.
The IP-MAC Binding function allows the switch to bind the IP address, MAC address, VLAN ID
and the connected Port number of the Host together when the Host connects to the switch.
Basing on the predefined IP-MAC Binding entries, the ARP Inspection functions to detect the
ARP packets and filter the illegal ARP packet so as to prevent the network from ARP attacks.
The ARP Inspection function is implemented on the ARP Detect, ARP Defend and ARP
Statistics pages.

14.3.1 ARP Detect

ARP Detect feature enables the switch to detect the ARP packets basing on the bound entries
in the IP-MAC Binding Table and filter the illegal ARP packets, so as to prevent the network
from ARP attacks, such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc.
Choose the menu Network Security→ARP Inspection→ARP Detect to load the following page.
Figure 14-14 ARP Detect
Configuration Procedure:
1) In the Global Configuration section, enable or disable the following features.
2) In the Enable VLAN section, enable ARP Detect for the VLAN.
345