About ARP attack detection
ARP attack detection enables access devices to block ARP packets from unauthorized clients to prevent user spoofing and gateway spoofing attacks.
ARP attack detection provides the following features:
User validity check.
ARP packet validity check.
ARP restricted forwarding.
ARP packet ingress port ignoring during user validity check
ARP attack detection for a VSI.
ARP attack detection logging.
If both ARP packet validity check and user validity check are enabled, the former one applies first, and then the latter applies.
Do not configure ARP attack detection together with ARP snooping. Otherwise, ARP snooping entries cannot be generated.