Intermittent Internet access failure on AR2240 caused by ARP attacks

Possible causes:
ARP attack sources exist on the intranet and consume the Internet access resources of normal users, causing intermittent Internet access failures.
Recommended solution:
Intranet attacks mainly use Layer 2 packets of the ARP protocol. These attacks affect users' Internet access. The main countermeasure is ARP anti-attack.
Enable strict ARP entry learning, which means that the router learns ARP entries only from the response packets that correspond to the ARP request packets the router itself sent. Run the arp learning strict command in the system view to configure strict ARP entry learning globally.
Configure ARP gateway conflict prevention so that users cannot fake a gateway and cause other users to fail to access the Internet. Run the arp anti-attack gateway-duplicate enable command in the system view to enable the ARP gateway conflict anti-attack function globally.
To ensure that user packets are forwarded to the gateway normally and are not intercepted, configure the router to send gratuitous (free) ARP packets, which periodically refresh the gateway MAC address in ARP entries. Run the arp gratuitous-arp send enable command in the system view to enable gratuitous ARP packet sending globally. By default, gratuitous ARP packets are sent at an interval of 90s.
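
The following Python model is an added example, not Huawei's implementation and not code from this page. It shows the decision logic behind strict ARP learning and the gateway conflict check on ARP payloads built in memory. All addresses are constructed, and the conflict rule used here (a packet whose sender IP is the router's own address but whose MAC differs) is an assumption about how the check behaves.

```python
import ipaddress
import struct

GATEWAY_IP = "192.168.1.1"          # constructed: the router's own LAN address
GATEWAY_MAC = "00:e0:fc:00:00:01"   # constructed
ARP_FMT = "!HHBBH6s4s6s4s"          # 28-byte Ethernet/IPv4 ARP payload

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build an ARP payload in memory (op 1 = request, 2 = reply)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac(sender_mac),
                       ip(sender_ip), mac(target_mac), ip(target_ip))

def parse_arp(payload):  # returns (op, sender_mac, sender_ip)
    htype, ptype, hlen, plen, op, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return op, sha.hex(":"), str(ipaddress.IPv4Address(spa))

class StrictArpTable:
    def __init__(self):
        self.entries = {}     # learned IP -> MAC
        self.pending = set()  # IPs the router has sent ARP requests for
    def send_request(self, target_ip):
        self.pending.add(target_ip)
        return build_arp(1, GATEWAY_MAC, GATEWAY_IP, "00:00:00:00:00:00", target_ip)
    def receive(self, payload):
        op, sender_mac, sender_ip = parse_arp(payload)
        # Assumed conflict rule: another host claims the router's own address.
        if sender_ip == GATEWAY_IP and sender_mac != GATEWAY_MAC:
            return "gateway-conflict"
        # Strict learning: accept only replies to requests the router sent.
        if op != 2 or sender_ip not in self.pending:
            return "ignored"
        self.pending.discard(sender_ip)
        self.entries[sender_ip] = sender_mac
        return "learned"

def demo():
    table = StrictArpTable()
    table.send_request("192.168.1.10")
    rogue = "aa:bb:cc:00:00:66"  # constructed MAC of a misbehaving host
    frames = [
        build_arp(2, rogue, "192.168.1.20", GATEWAY_MAC, GATEWAY_IP),  # unsolicited
        build_arp(2, rogue, GATEWAY_IP, "aa:bb:cc:00:00:10", "192.168.1.10"),  # fake gateway
        build_arp(2, "aa:bb:cc:00:00:10", "192.168.1.10", GATEWAY_MAC, GATEWAY_IP),  # solicited
    ]
    return [table.receive(f) for f in frames], table.entries
```

Only the reply that answers the router's own request creates an entry; the unsolicited reply is ignored and the packet claiming the gateway address is flagged.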

For details, see the URL ARP attacks lead to AR2240 under the intermittent users can not access the phenomenon of external network.
