Table of Contents
Advertisement
spoofing. ARP spoofing accesses normal network environment by counterfeiting legal IP
address firstly, and sends a great deal of counterfeited ARP application packets to switches,
after switches learn these packets, they will cover previously corrected IP, mapping of MAC
address, and then some corrected IP, MAC address mapping are modified to correspondence
relationship configured by attack packets so that the switch makes mistake on transfer packets,
and takes an effect on the whole network. Or the switches are made used of by vicious
attackers, and they intercept and capture packets transferred by switches or attack other
switches, host computers or network equipment.
What the essential method on preventing attack and spoofing switches based on ARP in
networks is to disable switch automatic update function; the cheater can't modify corrected
MAC address in order to avoid wrong packets transfer and can't obtain other information. At
one time, it doesn't interrupt the automatic learning function of ARP. Thus it prevents ARP
spoofing and attack to a great extent.
28.2 Prevent ARP Spoofing configuration
The steps of preventing ARP spoofing configuration as below:
1.
Disable ARP automatic update function
2.
Disable ARP automatic learning function
3.
Changing dynamic ARP to static ARP
1. Disable ARP automatic update function
Command
Global Mode and Port Mode
ip arp-security updateprotect
no ip arp-security updateprotect
2. Disable ARP automatic learning function
Command
Global mode and Interface Mode
ip arp-security learnprotect
no ip arp-security learnprotect
Explanation
Disable and enable ARP automatic update
function.
Explanation
Disable and enable ARP automatic learning
function.
28-24
Advertisement
Table of Contents
Troubleshooting
