Video Screencast Help

ARP Traffic Disabling Ports. Need Suggestions

Created: 25 Oct 2013 | 1 comment

Good Afternoon All,

 

We are having an issue here on campus that is causing ports to be disabled on our Cisco Switches.  This only appears to happen on one specific VLAN and we are not sure why.  Whenever an excessive amount of ARP traffic is generated from WIndows 7 workstations, it disables the switch port that machine is using.  I can recreate this by simply browsing the network neighborhood, which disables the port.  I have tried turning off these features using AD Group Policies, and somehow somthing is still triggering ARP traffic.

My question for everyone here, is there a way to block ARP traffic in the SEP firewall (other than the built in ARP Spoofing Rule) and has anyone run into something similar?  Any suggestions on how to fix this?

 

Joe U.  

Operating Systems:

Comments 1 CommentJump to latest comment

Rafeeq's picture

 with SEP these are the options available

Enabling anti-MAC spoofing - Allows the inbound and outbound ARP (Address Resolution Protocol) traffic only if an ARP request was made to that specific host. It blocks all other unexpected ARP traffic and logs it in the Security Log. 

This how you enable it

https://www-secure.symantec.com/connect/articles/how-series-symantec-endpoint-protection-part-2