Aruba Instant On Help Center
You are here: Web Help > Configuring Networks > Wired Network > Network Security

Network Security

The Network Security option in the Instant On web application, allows you to configure security protection against DHCP and ARP attacks.

DHCP Snooping

DHCP snooping provides network security by filtering DHCP messages from untrusted sources in the network. It differentiates between ports connected to untrusted end user devices and ports connected to trusted DHCP servers or other Instant On devices. To take effect, security protections must be enabled both at the network and at the port level. Uplink ports as well as ports interconnecting Instant On devices together are automatically configured to trust the devices connected.

ARP Attack Protection

ARP attack protection is a security feature that validates ARP packets in a network and discards ARP packets with invalid IP-to-MAC address bindings. The system automatically learns the IP to MAC bindings from the DHCP exchanges in the network and it protects the network from certain man-in-the-middle and impersonation attacks.

The option to enable DHCP Snooping and ARP Attack security protection only apply to Instant On switch ports and is displayed when the site has at least one Instant On switch in the device inventory. The following procedure enables Network Security on the Instant On network:

  1. Click Networks () tile on the Instant On home page. The Networks page is displayed.
  2. Click the () arrow next to the wired network and click on Network Security tab.
  3. Select the Network security protections checkbox to enable network protections. This setting is disabled by default.
  4. Click Enable in the popup window.
  5. Ensure that the Security protections setting is also enabled in the Port Details page for the port on which the network is configured. For more information on Security protections, see Switch Details.
  6. Click Save to save the configurations.