disable ip-security arp gratuitous-protection

disable ip-security arp gratuitous-protection [dynamic | {vlan} vlan_name |all ]

Description

Disables gratuitous ARP protection on one or all VLANs on the switch.

Syntax Description

all Specifies all VLANs configured on the switch.
vlan-name Specifies the VLAN.
dynamic Configuration options for dynamically created VLANs.

Default

By default, gratuitous ARP protection is disabled.

Usage Guidelines

Beginning with ExtremeXOS 11.6, this command replaces the disable iparp gratuitous protect vlan command.

Hosts can launch man-in-the-middle attacks by sending out gratuitous ARP requests for the router's IP address. This results in hosts sending their router traffic to the attacker, and the attacker forwarding that data to the router. This allows passwords, keys, and other information to be intercepted.

To protect against this type of attack, the router will send out its own gratuitous ARP request to override the attacker whenever a gratuitous ARP broadcast with the router's IP address as the source is received on the network.

This command disables gratuitous ARP protection.

Example

The following command disables gratuitous ARP protection for VLAN corp:

disable ip-security arp gratuitous-protection vlan corp

History

This command was first available in ExtremeXOS 11.6.

Dynamic VLAN option added in ExtremeXOS 30.2.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.