If an AP is enabled to send ARP/ND proxy packets for a STA before the STA succeeds in authentication or key negotiation, the Layer 2 switch connected to the AP learns the MAC address of the STA. If an attacker floods thousands of STA MAC addresses, the MAC address table on the switch will be seriously corrupted, which poses a security risk. To avoid this issue, run the undo sta arp-nd-proxy before-assoc command to configure the AP to send ARP/ND proxy packets for a STA only after the STA succeeds in authentication or key negotiation.
To improve link update efficiency in scenarios with low security requirements, you can instead run the sta arp-nd-proxy before-assoc command, which configures the AP to send ARP/ND proxy packets for a STA before the STA is successfully associated.
The system view is displayed.
The WLAN view is displayed.
An AP system profile is created, and the AP system profile view is displayed.
By default, the system provides the AP system profile default.
The device is configured to send ARP/ND proxy packets for a STA after the STA is successfully associated.
By default, an AP does not send ARP/ND proxy packets for a STA before the STA is successfully associated.
Return to the WLAN view.
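
The procedure above as one CLI session, given as an added example that is not part of the original page. Only the two sta arp-nd-proxy before-assoc forms appear on this page. The navigation commands (system-view, wlan, ap-system-profile name, quit) are the standard commands assumed for these views, and the profile name example-profile is a placeholder. Lines starting with # are annotations and are not typed.

```text
# Enter the system view, then the WLAN view.
system-view
wlan

# Create an AP system profile (placeholder name) and enter its view.
ap-system-profile name example-profile

# Hardened setting: the AP sends ARP/ND proxy packets for a STA only
# after the STA succeeds in authentication or key negotiation, so the
# upstream Layer 2 switch does not learn the MAC addresses of
# unauthenticated STAs.
undo sta arp-nd-proxy before-assoc

# Weaker alternative for low-security scenarios (do not combine with
# the command above): proxy before association, which improves link
# update efficiency but exposes the switch MAC address table to
# unauthenticated STA MAC addresses.
#   sta arp-nd-proxy before-assoc

# Return to the WLAN view.
quit
```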