Stop ARP requests on router

talmadari · ‎05-15-2012

Hi,

We have a router (7206) which connected to client device in /30 IP segment, but this device is a switch which connected to many more devices.

Doing packet capture on our router interface unravel many ARP requests whcih comes from the client switch.

Is there any feature or command which we can stop this?

Thanks ahead.

Tal M.

fb_webuser · ‎05-15-2012

try using the command below in interface config mode:

switchport port-security maximum xx vlan x

where xx is max number of arp enteries you want and x is vlan id.

---

Posted by WebUser Neeraj Jagga from Cisco Support Community App

Sergey Fer · ‎05-15-2012

Is your switch is ARP requests source itself or these requests are users-generated?

Which IP these ARPs are requesting for?

talmadari · ‎05-15-2012

On my side there is a router which connected to the customer end device - a switch, the customer probably connected a router and some more devices to his switch. Now I'm getting an ARP requests frames on my router interface which doesn't belong to my router (MAC address) and I guess that they belong to the other devices which connected to the customer switch.

is there any way to stop these ARP request frames?

Sergey Fer · ‎05-15-2012

OK. Short answer is - NO, you can not stop your customer's switch send ARPs. Because you are recieving side and may only block requests. There is no such signalling that allows you manage remote switch or make something alike.

But... ARPs are broadcasts and therefore your router needs to receive them and make something before throwing away. There are a number of tools you may use to optimize this behavior:

- ARP authorize - allows you to ignore ARPs that received not from known entities (known are static and DHCP-based)

- use MQC (match protocol ARP with some add-ons) to drop unneccessary ARPs inbound

- may be something else...

Of course, the best way to resolve the task is to use your customer switch's capabilities if it is possible.