3. Function on changing dynamic ARP to static ARP

| Command | Explanation |
|---|---|
| Global Mode and Port Mode | |
| ip arp-security convert | Change dynamic ARP to static ARP. |

28.3 Prevent ARP Spoofing Example

[Diagram: Switch and hosts A, B and C]

Equipment Explanation

| Equipment | Configuration | Quality |
|---|---|---|
| switch | IP: 192.168.2.4; mac: 00-00-00-00-00-04 | 1 |
| A | IP: 192.168.2.1; mac: 00-00-00-00-00-01 | 1 |
| B | IP: 192.168.1.2; mac: 00-00-00-00-00-02 | 1 |
| C | IP: 192.168.2.3; mac: 00-00-00-00-00-03 | some |

In the diagram above, B and C communicate normally. A wants the switch to forward the packets sent by B to A itself, so the switch has to be made to send B's packets to A. First, A sends an ARP reply packet to the switch in the form 192.168.2.3, 00-00-00-00-00-01, which maps A's own MAC address to C's IP address. The switch changes the entry for that IP address when it updates its ARP list, and data packets for 192.168.2.3 are then forwarded to 00-00-00-00-00-01 (A's MAC address).

A then passes the packets it receives on to C by modifying the source and destination addresses, so the data exchanged between B and C is received by A without B or C being aware of it. Because the ARP list is updated regularly, A must also keep sending ARP reply packets to refresh the switch's ARP list.
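The scenario above as a small Python model, added here as an illustration and not taken from the switch's firmware or documentation. The `ArpTable` class and its methods are hypothetical; `convert()` only models the effect described for `ip arp-security convert`, using the addresses from the Equipment Explanation table.

```python
# Added illustration: a toy model of a switch ARP table, not vendor code.
from dataclasses import dataclass, field

@dataclass
class ArpTable:
    entries: dict = field(default_factory=dict)   # ip -> (mac, kind)
    rejected: list = field(default_factory=list)  # (ip, claimed_mac, kept_mac)

    def learn(self, ip, mac):
        """Process an ARP reply; return True if the table accepted it."""
        mac = mac.lower()
        current = self.entries.get(ip)
        if current and current[1] == "static":
            if current[0] != mac:
                # A static binding is never overwritten by a reply; record it.
                self.rejected.append((ip, mac, current[0]))
                return False
            return True
        self.entries[ip] = (mac, "dynamic")  # dynamic entries follow the last reply
        return True

    def convert(self):
        """Model of 'ip arp-security convert': pin every dynamic entry as static."""
        self.entries = {ip: (mac, "static") for ip, (mac, _) in self.entries.items()}

    def lookup(self, ip):
        entry = self.entries.get(ip)
        return entry[0] if entry else None

# Addresses from the Equipment Explanation table.
HOSTS = {"192.168.2.1": "00-00-00-00-00-01",   # A
         "192.168.1.2": "00-00-00-00-00-02",   # B
         "192.168.2.3": "00-00-00-00-00-03"}   # C
FORGED = ("192.168.2.3", "00-00-00-00-00-01")  # A's reply claiming C's IP

def run(convert_first):
    """Learn the real bindings, optionally convert, then replay A's repeated replies."""
    table = ArpTable()
    for ip, mac in HOSTS.items():
        table.learn(ip, mac)
    if convert_first:
        table.convert()
    for _ in range(3):  # A keeps refreshing the entry
        table.learn(*FORGED)
    return table.lookup("192.168.2.3"), len(table.rejected)

if __name__ == "__main__":
    print("dynamic only:", run(False))   # entry for C now points at A's MAC
    print("after convert:", run(True))   # entry for C unchanged, replies rejected
```

In this model, `convert()` pins whatever the table holds at that moment, so a forged entry learned before the conversion would be pinned as well. The `rejected` list is the model's stand-in for a signal worth alerting on: repeated replies that contradict a static binding.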