Chapter 3 | Network Settings
ARP Inspection
ARP Inspection is a security feature that validates the MAC address bindings for
Address Resolution Protocol packets. It provides protection against ARP traffic with
invalid MAC-to-IP address bindings, which forms the basis for certain
“man-in-the-middle” attacks. This is accomplished by intercepting all ARP requests and
responses and verifying each of these packets before the local ARP cache is
updated or the packet is forwarded to the appropriate destination. Invalid ARP
packets are dropped.
Figure 39: ARP Inspection
The following items are displayed on this page:
ARP Inspection — When enabled, ARP packets are validated against ARP
spoofing.
Force DHCP — Allows the AP to learn MAC/IP pair information only through
DHCP packets. Since devices configured with static IP addresses do not send
DHCP traffic, any clients with static IP addresses will be blocked by the AP
unless their MAC/IP pair is listed and enabled in the Static Trust List.
Trust List Broadcast — Lets other APs learn the MAC/IP pairs that are trusted
to issue ARP requests.
Static Trust List — Adds the MAC or MAC/IP pairs of devices that are trusted
to issue ARP requests. Other network nodes can still send their ARP requests,
but if their IP appears in the static list with a different MAC, their ARP requests
will be dropped.
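
The following Python sketch models how the settings above combine into a forward/drop decision for one ARP packet. It is an added illustration, not the AP's firmware: the names `ArpInspector`, `on_dhcp_ack` and `inspect` are hypothetical, and it assumes that a MAC-only trust entry is trusted for any IP and that, with Force DHCP off, the first pair seen in ARP is learned.

```python
from dataclasses import dataclass, field

def norm(mac):
    """Canonical MAC form so 00-00-5E-... and 00:00:5e:... compare equal."""
    return mac.lower().replace("-", ":")

@dataclass
class ArpInspector:
    force_dhcp: bool = False
    # Static Trust List rows: (mac, ip or None for a MAC-only entry, enabled)
    static_trust: list = field(default_factory=list)
    learned: dict = field(default_factory=dict)  # ip -> mac

    def on_dhcp_ack(self, mac, ip):
        """Learn a MAC/IP pair from a DHCP lease."""
        self.learned[ip] = norm(mac)

    def inspect(self, sender_mac, sender_ip):
        """Return (forward, reason) for the sender fields of one ARP packet."""
        mac = norm(sender_mac)
        active = [(norm(m), ip) for m, ip, enabled in self.static_trust if enabled]
        pinned = {ip: m for m, ip in active if ip is not None}
        if sender_ip in pinned:  # IP is listed: only the listed MAC may claim it
            ok = pinned[sender_ip] == mac
            return ok, "static pair match" if ok else "static IP claimed by other MAC"
        if any(m == mac and ip is None for m, ip in active):
            return True, "static MAC-only entry"
        if sender_ip in self.learned:
            ok = self.learned[sender_ip] == mac
            return ok, "learned pair match" if ok else "conflicts with learned pair"
        if self.force_dhcp:  # static-IP client with no enabled trust entry
            return False, "no DHCP binding and not in Static Trust List"
        # Assumption: with Force DHCP off, the first pair seen in ARP is learned.
        self.learned[sender_ip] = mac
        return True, "learned from ARP"

if __name__ == "__main__":
    # Constructed sample data (documentation MAC and IP ranges).
    ap = ArpInspector(force_dhcp=True, static_trust=[
        ("00-00-5E-00-53-01", "192.0.2.10", True)])
    ap.on_dhcp_ack("00:00:5e:00:53:20", "192.0.2.20")
    for mac, ip in [("00:00:5e:00:53:01", "192.0.2.10"),
                    ("00:00:5e:00:53:99", "192.0.2.10"),
                    ("00:00:5e:00:53:99", "192.0.2.20"),
                    ("00:00:5e:00:53:30", "192.0.2.30")]:
        print(mac, ip, ap.inspect(mac, ip))
```

The last sample line shows the Force DHCP case described above: a client with a static IP address and no enabled trust entry is dropped.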