10-30-2019 02:52 AM - edited 02-21-2020 09:38 AM
Hello,
I am suffering against arp attacks into my Lan (Netcut - selfishnet). What configuration i must do in my CISCO SWITCH 2960 to stop this
10-30-2019 03:00 AM
Hi there,
Take a look at Dynamic ARP Inspection:
cheers,
Seb.
10-30-2019 03:23 AM
Could i drop all my VLans and conserve just this configuration to protect my Lan ? Because of massive attacks i configured VLans to limit attacks in some zones.
Now if i use this config, can i use my switch in simple mode without VLans?
10-30-2019 03:42 AM
10-30-2019 03:57 AM
Okay, so i have just to enter this configuration in each interface (pre-configured with VLan).
Could you give the specific configuration of Dynamic ARP Inspection in VLan Environment
Exp: i have VLan 10 in interface 1 using this ip adresse 192.168.10.1 and have his own DHCP mode and linked with gateway 192.168.99.1 in interface 24
10-30-2019 04:06 AM
10-30-2019 03:53 AM
hmmm how epidemic is this attack?! If you unify all of your connected devices into a single subnet/ VLAN then you put all of the devcies at risk from the ARP attack.
By using VLANs you reduce the broadcast domain and therefore the reach of an ARP based attack.
I would keep the VLANs and implement DAI. Don't adjust your topology, get the switch to do the work.
cheers,
Seb.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide