Enables gratuitous ARP protection on the specified VLAN.
vlan_name | Specifies the VLAN. |
vlan_list | Specifies a VLAN list of IDs. |
By default, gratuitous ARP is disabled.
Beginning with ExtremeXOS 11.6, this command replaces this command for configuring gratuitous ARP.
Hosts can launch man-in-the-middle attacks by sending out gratuitous ARP requests for the router's IP address. This results in hosts sending their router traffic to the attacker, and the attacker forwarding that data to the router. This allows passwords, keys, and other information to be intercepted.
To protect against this type of attack, the router will send out its own gratuitous ARP request to override the attacker whenever a gratuitous ARP broadcast with the router's IP address as the source is received on the network.
The following example enables gratuitous ARP protection for VLAN corp:
enable iparp gratuitous protect vlan corp
This command was first available in ExtremeXOS 11.2.
The vlan_list option was added in ExtremeXOS 16.1.
This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.