Cisco Support Community
Community Member

about ip spoofing...attack

hi, I have some question.

Arp spoofing attack was makes down of our some network.

I want to privent this attack.

I found DAI to cisco web-site.

But Our Network is non-DHCP envirenment.

I read the cisco document of DAI.

according to document, configur ARP ACL non-DHCP envirnemet.

but we have 1000 over host.

input the 1000 over arp acl to C6509?

please, other way?


Re: about ip spoofing...attack

One of the IOS features that you are probably interested in is called Unicast Reverse-Path verification. There are other mechanisms as well such as Access Control Lists that can help protect against IP Address spoofing.

Below is a link that explains in more detail the Unicast Reverse-Path verification:

Enabling DHCP Snooping is fairly straightforward, here is the guide:

Community Member

Re: about ip spoofing...attack

Thanks for your reply.

But Attack Server located in same VLAN.

This Server was Flooding 1 mac-address and all IP Address of VLAN.

After all, All host was down in same VLAN.

If One mac-address have many IP Address(Attacking), then it possible limit one mac-address per IP address? like a limit mac-address number.

I want to defense of Local IP Flooding Attack.

Now I was mapping of important Server's IP and mac.

CreatePlease to create content