How to configure ARP attack defense on S series switches

For S series switches (except S1700 switches), you can configure ARP security to prevent ARP attacks. A switch may receive a large number of ARP packets when acting as a gateway. In this case, configure ARP security on the switch to protect the gateway. For example, configure the rate limit on ARP packets and ARP Miss messages to prevent ARP flood attacks. E series switches do not support the rate limit on ARP Miss messages.
Common ARP attacks include:
ARP flood attack is also called Denial of Service (DoS) attack.
ARP spoofing attack: An attacker sends bogus ARP packets to network devices. The devices then modify ARP entries, causing communication failures.
ARP security protects network devices against ARP attacks by learning ARP entries, limiting the ARP packet rate, and checking ARP packets. In addition to preventing ARP protocol attacks, ARP security also prevents ARP-based network scanning attacks.

Scroll to top