195
Chapter 17 Commands for Preventing
ARP Spoofing
17.1 ip arp-security updateprotect
Command: ip arp-security updateprotect
no ip arp-security updateprotect
Function: Forbid ARP table automatic update. The "no ip arp-security updateprotect‖
command re-enables ARP table automatic update.
Parameter: None.
Default: ARP table automatic update.
Command Mode: Global Mode/ Interface configuration.
User Guide: Forbid ARP table automatic update, the ARP packets conflicting with current
ARP item (e.g. with same IP but different MAC or port) will be droped, the others will be
received to update aging timer or create a new item; so, the current ARP item keep
unchanged and the new item can still be learned.
Example:
Switch(Config-if-Vlan1)#ip arp-security updateprotect.
Switch(config)#ip arp-security updateprotect
17.2 ip arp-security learnprotect
Command: ip arp-security learnprotect
no ip arp-security learnprotect
Function: Forbid ARP learning function of IPv4 Version, the ―no ip arp-security
learnprotect‖ command re-enables ARP learning function.
Parameter: None.
Default: ARP learning enabled.
Command Mode: Global Mode/ Interface Configuration.
Usage Guide: This command is for preventing the automatic learning and updating of
ARP. Unlike ip arp-security updateprotect, once this command implemented, there will still
be timeout even if the switch keeps sending Request/Reply messages.
Example:
To Next Page
Loading...
