In this example, we will use Anti-ARP Scan to prevent attackers from identifying all network devices in the local area network.
ARP Scanning is a method by which attackers send multiple ARP request packets in a very short period of time to flood across the entire broadcast domain.
IP Scanning from Wired and Wireless Devices
1. Configuration steps
- Access the switch’s web GUI.
- Go to Advance Application > Anti-Arpscan > Configure.
Check the Active box and configure the uplink port (port 24) as “Trusted”. Click Apply.
- Go to Advance Application > Errdisable > Errdisable Recovery.
Check the Active box and activate anti-arpscan. Click Apply.
2. Test the Result
- Download and install an IP Scanning software into Host-A and Host-C.
- Connect Host-A and Host-B via the Wireless Access
- Host-A should initiate a scan for IP address 192.168.1.1 to 192.168.1.20.
- Host-A should no longer be able to reach the USG
- Access the Switch’s Web GUI. Go to Advance Application > Anti-Arpscan > Host Status. An entry for Host-A should appear with an “Err-Disable”
- Host-B should still be able to reach the USG
- Connect Host-C to the USG
- Host-C should perform a quick scan for IP address 168.1.1 to 192.168.1.100.
- Host-C should no longer be able to reach the
- Access the Switch’s Web GUI. Go to Advance Application > Anti-Arpscan. Port 2 should now be in an Err-disabled
3. What could go wrong?
If access to servers or the local gateway is no longer possible after enabling Anti-Arpscan, make sure that only ports directly connected to hosts or Wireless Access Points are “untrusted”.
Ports to servers and the local gateway should be “trusted”.
If all hosts connected through a Wireless Access Point can no longer reach the local gateway, check whether the port to the Wireless Access Point has changed to the err-disable state in Advance Application > Anti-Arpscan.
If so, consider increasing the Port Threshold in Advance Application > Anti-Arpscan > Configure.