user can't get address normally because of arp attack

Publication Date:  2012-09-10 Views:  112 Downloads:  0
Issue Description
public network --- usg2210-----SW(two layer switch) -----PC
Simple description of topology:
USG2210 as the export gateway, connected with two layer devices, one network segment, gateway exit in a interface of firewall.
problem description:

Problem: mac address displays the mac of gateway after host in internal network comminicated with each other, not the mac address of host itself, and it leads to  bad problem of ip collision in internal network.
Alarm Information
Handling Process
1、review the configuration of usg2210 and switch, and find out whether dhcp assigned ip address and dns automaticly or not.
2、tell users to connect computer with device from our company, the PC could get address and dns normally, without arp collision. The location of problem: internal network problem.
3、review log file of firewall, arp attack exist, message of attack came from internal PC(ip:
antivirus is the suggestion, problem solved after antivirus.

Root Cause
1、configuration problem of usg2210 and switch.
2、internal network loop and other reasons in internal network.
3、network been attacked from internal or external ?
4、edition problem of usg2210
enable the attack defense function of usg2210 is the suggestion.