Endpoint Protection

  • 1.  ARP Traffic Disabling Ports. Need Suggestions

    Posted Oct 25, 2013 04:19 PM

    Good Afternoon All,

     

    We are having an issue here on campus that is causing ports to be disabled on our Cisco Switches.  This only appears to happen on one specific VLAN and we are not sure why.  Whenever an excessive amount of ARP traffic is generated from Windows 7 workstations, it disables the switch port that machine is using.  I can recreate this by simply browsing the network neighborhood, which disables the port.  I have tried turning off these features using AD Group Policies, and somehow something is still triggering ARP traffic.

    My question for everyone here: is there a way to block ARP traffic in the SEP firewall (other than the built-in ARP Spoofing Rule), and has anyone run into something similar?  Any suggestions on how to fix this?

     

    Joe U.  



  • 2.  RE: ARP Traffic Disabling Ports. Need Suggestions

    Posted Oct 25, 2013 04:45 PM

    With SEP, these are the options available:

    Enabling anti-MAC spoofing - Allows the inbound and outbound ARP (Address Resolution Protocol) traffic only if an ARP request was made to that specific host. It blocks all other unexpected ARP traffic and logs it in the Security Log. 

    This is how you enable it:

    https://www-secure.symantec.com/connect/articles/how-series-symantec-endpoint-protection-part-2
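
The solicited-only ARP policy described in the reply above can be modelled as a small state table. This is an added example, not part of the thread and not Symantec's implementation; the class name, the 2-second reply window, the rule that requests for other hosts are blocked, and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

REQUEST, REPLY = 1, 2  # ARP opcodes from RFC 826


@dataclass
class SolicitedArpFilter:
    """Hypothetical model: ARP passes only when tied to a request involving this host."""
    host_ip: str
    timeout: float = 2.0  # assumed reply window in seconds
    we_asked: dict = field(default_factory=dict)    # peer IP -> expiry of our request
    they_asked: dict = field(default_factory=dict)  # peer IP -> expiry of their request
    security_log: list = field(default_factory=list)

    def outbound(self, op, peer_ip, now):
        if op == REQUEST:
            self.we_asked[peer_ip] = now + self.timeout
            return True
        # We may only answer a peer that asked for our address.
        return self._match(self.they_asked, peer_ip, now, "outbound reply to")

    def inbound(self, op, sender_ip, target_ip, now):
        if op == REQUEST:
            if target_ip != self.host_ip:
                return self._block(f"inbound request from {sender_ip} for {target_ip}")
            self.they_asked[sender_ip] = now + self.timeout
            return True
        # A reply is accepted once, and only from a peer we asked in time.
        return self._match(self.we_asked, sender_ip, now, "inbound reply from")

    def _match(self, table, peer_ip, now, what):
        expiry = table.pop(peer_ip, None)
        if expiry is not None and now <= expiry:
            return True
        return self._block(f"unsolicited {what} {peer_ip}")

    def _block(self, reason):
        self.security_log.append(reason)  # stands in for the Security Log entry
        return False


def demo():
    f = SolicitedArpFilter(host_ip="10.0.0.5")  # constructed sample traffic
    return [
        f.outbound(REQUEST, "10.0.0.1", now=0.0),            # we ask for the gateway
        f.inbound(REPLY, "10.0.0.1", "10.0.0.5", now=0.1),   # solicited reply
        f.inbound(REPLY, "10.0.0.1", "10.0.0.5", now=0.2),   # repeat reply, no request
        f.inbound(REPLY, "10.0.0.9", "10.0.0.5", now=0.3),   # never asked this peer
        f.inbound(REQUEST, "10.0.0.7", "10.0.0.5", now=0.4), # peer asks for us
        f.outbound(REPLY, "10.0.0.7", now=0.5),              # our answer to that peer
        f.outbound(REQUEST, "10.0.0.8", now=1.0),
        f.inbound(REPLY, "10.0.0.8", "10.0.0.5", now=5.0),   # reply after the window
    ], f.security_log
```

Note that a filter of this kind only drops unexpected ARP frames at the host; the requests the workstation itself sends still pass.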