3 prevent arp spoofing example, Revent, Poofing – PLANET WGSW-52040 User Manual

3. Function on changing dynamic ARP to static ARP

Command Explanation

Global Mode and Port Mode

ip arp-security convert

Change dynamic ARP to static ARP.

28.3 Prevent ARP Spoofing Example

Switch

A B

C

Equipment Explanation

Equipment

Configuration

Quality

switch

IP:192.168.2.4; mac: 00-00-00-00-00-04

1

A

IP:192.168.2.1; mac: 00-00-00-00-00-01

1

B

IP:192.168.1.2; mac: 00-00-00-00-00-02

1

C

IP:192.168.2.3; mac: 00-00-00-00-00-03

some

There is a normal communication between B and C on above diagram. A wants switch to

forward packets sent by B to itself, so need switch sends the packets transfer from B to A.

firstly A sends ARP reply packet to switch, format is: 192.168.2.3, 00-00-00-00-00-01, mapping

its MAC address to C’s IP, so the switch changes IP address when it updates ARP list., then

data packet of 192.168.2.3 is transferred to 00-00-00-00-00-01 address (A MAC address).

In further, a transfers its received packets to C by modifying source address and destination

address, the mutual communicated data between B and C are received by A unconsciously.

Because the ARP list is update timely, another task for A is to continuously send ARP reply

packet, and refreshes switch ARP list.

28-25