Disable Iparp Gratuitous Protect - Extreme Networks ExtremeWare XOS Command Reference Manual

Software version 11.5

Hide thumbs Also See for ExtremeWare XOS:

Table of Contents

ExtremeWare XOS 11.5 supports only the Summit X450 family of switches and the BlackDiamond 8800 series switch.

disable iparp gratuitous protect

disable iparp gratuitous protect vlan <vlan-name>

Disables gratuitous ARP protection on the specified VLAN.

Syntax Description

Specifies the VLAN.

Usage Guidelines

Hosts can launch man-in-the-middle attacks by sending out gratuitous ARP requests for the router's IP

address. This results in hosts sending their router traffic to the attacker, and the attacker forwarding that

data to the router. This allows passwords, keys, and other information to be intercepted.

To protect against this type of attack, the router will send out its own gratuitous ARP request to

override the attacker whenever a gratuitous ARP broadcast with the router's IP address as the source is

received on the network. Also, the switch will add a MAC ACL to blackhole the offending host.

This command disables gratuitous ARP protection.

The following command disables gratuitous ARP protection for VLAN corp:

disable iparp gratuitous protect vlan corp

This command was first available in ExtremeWare XOS 11.2.

Platform Availability

This command is available on all platforms.

ExtremeWare XOS 11.5 Command Reference Guide

Extremeware xos 11.5