Internal network attacks refer to attacks from Layer 2 protocol packets. Attacks often use ARP to attack network devices. ARP attack defense measures are often used:
Strict ARP learning: The device learns only the ARP Reply packets in response to the ARP Request packets sent by itself. Run the arp learning strict command to enable strict ARP learning.
ARP gateway anti-collision: If an attacker sends an ARP packet with the source IP address as the gateway address, ARP entries are modified incorrectly. ARP gateway anti-collision can solve this problem. Run the arp anti-attack gateway-duplicate enable command to enable the ARP gateway anti-collision function.
Sending gratuitous ARP packets: To ensure that packets sent by hosts on the internal network are forwarded to the gateway or prevent malicious users from intercepting these packets, the device sends gratuitous ARP packets at intervals to update the gateway address in ARP entries of the hosts. Run the arp gratuitous-arp send enable command to enable the device to send gratuitous ARP packets. By default, the device sends gratuitous ARP packets every 90s.
If too many security measures are used, device performance may deteriorate.