Handling ARP poisoning

How do you stop ARP poisoning or a broadcast storm on a Canopy network, it being layer 2?

VLANs?

I love VLANs!!! :smiley: haha

Very useful for decreasing the size of broadcast domains. Otherwise you need to use routers.


Aaron

Or just NAT every customer.

That works too. I have had a lot of bad luck using the NAT and DHCP server in the SMs though. Been putting a lot of external routers in for customers - something I can’t control remotely. :frowning: haha


Aaron

VLANs only stop ARP poisoning on an AP/SM?
Or will it help stop it all the way back to our switch?
We have an SM that is ARP spoofing all the way back through the AP to the BH to the switch where our router is plugged in. Will the VLAN stop this as well even though it is happening outside the AP??? :cry:

Unfortunately no, it won’t stop someone from poisoning your gateway or something along the way.

One solution may be using static ARP. But it may prove to be hard to maintain.
Also there are programs that detect ARP poisoning (like Arpwatch, Arpalert, XArp) and you could react to that with some Intrusion Detection/Prevention System (IDS/IPS) or a script to block the attacker’s MAC.
A good IDS is Snort.

Nevertheless, Layer 2 is very exploitable. ARP poisoning can be very frustrating and hard to prevent.
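As an added example (not code from the original thread or from any of the tools named above), here is a minimal Arpwatch-style monitor in Python: it learns IP-to-MAC bindings from ARP frames and raises an alert when the gateway's IP is suddenly claimed by a different MAC, which is the symptom the poster describes. The frame bytes and addresses are constructed for the example; on a real network you would feed it frames captured on a mirror port of the switch the router hangs off.

```python
import struct
from typing import Dict, List, Optional, Tuple

def parse_arp(frame: bytes) -> Optional[Tuple[int, str, str]]:
    """Return (opcode, sender MAC, sender IP) for an Ethernet/ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:  # Ethernet/IPv4 only
        return None
    sender_mac = frame[22:28].hex(":")
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return op, sender_mac, sender_ip

class ArpWatcher:
    """Learn IP->MAC bindings from ARP traffic and alert when a binding changes."""

    def __init__(self, gateway_ip: str) -> None:
        self.gateway_ip = gateway_ip
        self.table: Dict[str, str] = {}   # IP -> MAC last seen claiming it
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> None:
        parsed = parse_arp(frame)
        if parsed is None:
            return
        _op, mac, ip = parsed  # requests and replies both carry a sender binding
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
        elif known != mac:
            kind = "gateway hijack" if ip == self.gateway_ip else "flip-flop"
            self.alerts.append(f"{kind}: {ip} moved from {known} to {mac}")
            self.table[ip] = mac  # record the new claim; the operator decides which is real

# Constructed sample frames (hypothetical addresses, never sent on a wire): a reply for
# gateway 192.0.2.1 from 00:11:22:33:44:55, then one claiming it from 66:77:88:99:aa:bb.
SAMPLE_FRAMES = [
    bytes.fromhex("ccddeeff0011" "001122334455" "0806" "0001080006040002"
                  "001122334455" "c0000201" "ccddeeff0011" "c0000232"),
    bytes.fromhex("ccddeeff0011" "66778899aabb" "0806" "0001080006040002"
                  "66778899aabb" "c0000201" "ccddeeff0011" "c0000232"),
]

def run_sample() -> List[str]:
    watcher = ArpWatcher(gateway_ip="192.0.2.1")
    for frame in SAMPLE_FRAMES:
        watcher.observe(frame)
    return watcher.alerts
```

The alert list is what a blocking script or an IDS rule would consume; a legitimate NIC swap on the gateway also triggers it, so treat the alert as a prompt to check, not as proof of an attack.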