Configuration Guide Gateway Anti-arp-spoofing Configuration
Gateway Anti-Arp-spoofing
Configuration
Overview
On a Layer 2 switch, ARP packets are broadcasted within this VLAN by default. This
makes gateway ARP spoofing possible.
Gateway ARP spoofing means as that when User A sends an ARP packet to request
the MAC address of a gateway, User B in the same VLAN will receive this ARP
packet. User B may send an ARP response packet and fill in the source IP address
of the packet with the IP address of the gateway and in the source MAC address with
its own MAC address. Upon receiving this ARP response packet, User A will consider
User B’s machine as the gateway. Thus, all the packets sent to the gateway within
the communication of User A will be sent to User B. Consequently, communication of
User A is intercepted and results in ARP spoofing.
Thus, we may configure gateway anti-arp-spoofing on the Layer 2 switches to
prevent the gateway anti-ARP-spoofing. After gateway anti-arp-spoofing has been
configured, we may check at the port whether the source IP address of an ARP
packet is the IP address of the gateway we have configured. If it is, this packet will be
discarded to prevent an user to receive a wrong ARP response packet. Thus, only
the device connected with the switch can deliver the ARP packets of the gateway.
Other PCs cannot send any counterfeit ARP response packet of the gateway.
Configuration
Setting Gateway Anti-arp-spoofing
Set the IP address of gateway anti-arp-spoofing:
To Next Page
Loading...
