Configuring Defense Against ARP Spoofing Attacks

Pre-configuration Tasks

If an attacker sends bogus ARP packets to a network device or user host, the device or host modifies the local ARP entries, leading to packet forwarding failures. The function of defense against ARP spoofing attacks can prevent such attacks.

Before configuring defense against ARP spoofing attacks, connect interfaces and set physical parameters for the interfaces to ensure that the physical status of the interfaces is Up.

Configuration Procedure

Operations in the configuration procedure can be performed in any sequence.

Configuring ARP Entry Fixing

Configuring DAI

Configuring ARP Gateway Anti-Collision

Configuring Gratuitous ARP Packet Sending

Configuring ARP Gateway Protection

Configuring MAC Address Consistency Check in an ARP Packet

Configuring ARP Packet Validity Check

Configuring Strict ARP Learning

Configuring ARP Learning Triggered by DHCP

Configuring ARP Proxy on a VPLS Network

Verifying the ARP Spoofing Attack Defense Configuration