Configuring ARP attack detection

This feature is supported only on the following ports:

• Layer 2 Ethernet ports on the following modules:

  • HMIM-8GSW.

  • HMIM-8GSWF.

  • HMIM-24GSW.

  • HMIM-24GSW-PoE.

  • SIC-4GSW.

  • SIC-4GSWP.

• Fixed Layer 2 Ethernet ports on the following routers:

  • MSR1002-4

  • MSR1003-8S.

  • MSR2004-24

  • MSR2004-48.

  • MSR954 (JH296A/JH297A/JH298A/JH299A/JH373A).

  • MSR958 (JH300A/JH301A).

ARP attack detection enables access devices to block ARP packets from unauthorized clients to prevent user spoofing and gateway spoofing attacks. ARP attack detection does not check ARP packets received from ARP trusted interfaces.

ARP attack detection provides the following features:

• User validity check.

• ARP packet validity check.

• ARP restricted forwarding.

If both ARP packet validity check and user validity check are enabled, the former one applies first, and then the latter applies.