Controlling Devices Using Static ARP

If a policy-violating device sets MAC addresses in its ARP table as static, it may bypass network access control and communicate freely.

Note

In ARP-based control methods, the network sensor sends ARP control packets to the violating device to enforce network control.

Solutions

To control devices using Static ARP, Genian NAC offers the following four control methods:

Static ARP Prevention via Agent

  • The agent monitors static ARP table entries in real time and dynamically modifies them.
  • Navigate to Policy > Node Policy > Node Action > ARP Management > Block Static ARP = On
  • Assign the ARP Management Node Action to a node policy to apply it to the device.
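
As an added illustration (not Genian's agent code and not part of the original page), the following read-only audit parses `ip neigh` and Windows `arp -a` output and lists the static ARP entries that an endpoint check of this kind looks for. The sample outputs are constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample outputs for illustration (not from the original page).
LINUX_IP_NEIGH = """\
192.168.10.1 dev eth0 lladdr 00:11:22:33:44:55 PERMANENT
192.168.10.20 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.10.40 dev eth0 FAILED
"""

WINDOWS_ARP_A = """\
Interface: 192.168.10.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.10.1          00-11-22-33-44-55     static
  192.168.10.20         66-77-88-99-aa-bb     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Linux marks manually pinned neighbours PERMANENT; Windows labels them "static".
LINUX_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17}) .*\bPERMANENT\b", re.I)
WINDOWS_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f-]{17})\s+static\s*$", re.I)


def _is_group_mac(mac: str) -> bool:
    """True for broadcast/multicast MACs (I/G bit set in the first octet)."""
    return int(mac[:2], 16) & 1 == 1


def static_entries(text: str, platform: str) -> list[tuple[str, str]]:
    """Return (ip, mac) pairs for unicast static ARP entries in the output."""
    pattern = LINUX_RE if platform == "linux" else WINDOWS_RE
    found = []
    for line in text.splitlines():
        m = pattern.match(line)
        if not m:
            continue
        ip = m.group(1)
        mac = m.group(m.lastindex).lower().replace("-", ":")
        # Windows lists broadcast and multicast mappings as "static" by
        # default; skip them so only unicast pins are reported.
        if _is_group_mac(mac) or ipaddress.ip_address(ip).is_multicast:
            continue
        found.append((ip, mac))
    return found


if __name__ == "__main__":
    for name, text in (("linux", LINUX_IP_NEIGH), ("windows", WINDOWS_ARP_A)):
        print(name, static_entries(text, name))
```
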

Control via 802.1x Configuration

802.1x port-based access control is one of the most robust methods for enforcing network security. It allows user-based authentication and role-based access control through switch port-level configuration.

Wired and Wireless 802.1x Setup

  • Enable RADIUS server functionality and integrate it with network devices (Switches, APs).
  • Configure the Wired Authentication Manager plugin to match your network environment and apply it to devices.
  • Use RADIUS policy settings to enforce network control at the switch port level.

Refer to Radius and Radius policy settings for further information.

Control via Mirror Configuration

  • Add a Network Sensor in Mirror Mode on the upstream side of the Static ARP device to perform control via HTTP Redirection.
  • Navigate to System > Sensor Management > Sensor Settings > Blocking Method > HTTP Redirection Drop(Reject)

Note

Two options for HTTP Redirection:
  • Drop: Drops blocked packets without further action.
  • Reject: Sends TCP RST for TCP or ICMP Unreachable for UDP.

Control via Strict Mode (Network Sensor)

  • Strict Mode isolates policy-violating devices: whenever a violating device attempts to send packets, the response packets are redirected back to the network sensor, which effectively controls communication.
  • Navigate to System > Sensor Management > Sensor Settings > Sensor Operation Mode > ARP Strict Mode

Note

Three options for Strict Mode:
  • Normal: Do not apply Strict Mode
  • Strict: Apply Strict Mode
  • Strict (without Gateway): Apply Strict Mode but do not control the gateway