enable iparp gratuitous protect

enable iparp gratuitous protect [ {vlan} vlan_name | vlan vlan_list]

Description

Enables gratuitous ARP protection on the specified VLAN.

Syntax Description

vlan_name Specifies the VLAN.
vlan_list Specifies a VLAN list of IDs.

Default

By default, gratuitous ARP is disabled.

Usage Guidelines

Beginning with ExtremeXOS 11.6, this command replaces this command for configuring gratuitous ARP.

Hosts can launch man-in-the-middle attacks by sending out gratuitous ARP requests for the router's IP address. This results in hosts sending their router traffic to the attacker, and the attacker forwarding that data to the router. This allows passwords, keys, and other information to be intercepted.

To protect against this type of attack, the router will send out its own gratuitous ARP request to override the attacker whenever a gratuitous ARP broadcast with the router's IP address as the source is received on the network.

Example

The following example enables gratuitous ARP protection for VLAN corp:

enable iparp gratuitous protect vlan corp

History

This command was first available in ExtremeXOS 11.2.

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.