Manage ARP Table
==================

The ARP protocol thus makes network traffic communications a relatively simple and straightforward affair. However, ARP is also inherently vulnerable from a security perspective. ARP requires no authentication whatsoever of the addressing information it receives from any network peer. All ARP replies are cached in the ARP table as described above; existing table entries are automatically overwritten by the most recent information received.

This lack of authentication makes ARP an easy target for cyber-security exploitation. In particular, ARP is highly vulnerable to attacks such as "ARP Spoofing" and "ARP Poisoning." Such attacks, discussed further below, can be initiated from a compromised network device or by the attacker directly if they have acquired physical access to the network in question. Their aim is to compromise the integrity of a local network's ARP table by associating the attacker's MAC address with the IP address of a particular target host. Network traffic intended for that destination is then forwarded to the attacker's host instead. That traffic can then be modified, stolen, or simply observed in support of a further attack.

ARP-related security breaches are very difficult to detect and defend against precisely because ARP information is maintained and transmitted only within the L2 broadcast domain. Vigilant network administrators cannot tell, simply by looking at an ARP table, whether it has been compromised, unless they have established some manual system to keep track of the expected IP-to-MAC address relationships.

NAC provides a plugin to manage ARP tables to solve these problems. Delete static ARP entries to close off vulnerabilities that bypass NAC.

#. Go to **Policy** in the top panel.
#. Go to **Policy > Node Policy > Agent Action** in the left Policy panel.
#. Find and click **Manage ARP Table** in the Agent Action window.

Under **General** section:

#. For **CWP Message**, add the message to be displayed in accordance with the Policy.
#. For **Label**, add custom labels to help categorize your plugins. Labels appear in the "Description" field.

Under **Agent Actions** section:

#. For **Boolean Operator**, choose **AND** or **OR** to add optional conditions.
#. For **Settings**, click **Add** and select your optional conditions (**Criteria/Operator/Value**).

Under **Plugin Settings** section:

#. For **Deleting Static ARP Entries**, choose whether to remove static ARP entries set by the user of the Node on which the Agent is installed (except static ARP entries added by AAS).
#. For **Anti ARP Spoofing (AAS)**, choose whether to add Conflict Prevention Nodes to the ARP table as static entries.

   - **Node Group**: Applies the setting to a specific Node Group. (If not selected, it applies to all Nodes to which the Agent Action is assigned.)

#. Click **Update**.
#. Go to **Node Policy** in the left Policy panel.
#. Click the **Default Policy** in the Node Policy window.
#. Find **Agent Action**. Click **Assign**.
#. Find **Manage ARP Table** in the **Available** section. Select and drag it into the **Selected** section.
#. Click **Add**.
#. Click **Update**.
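
The introduction notes that a compromised ARP table cannot be recognized by eye without a record of the expected IP-to-MAC relationships. The following added example (not part of the NAC product or its plugin) shows such a check against a baseline, assuming the Linux ``/proc/net/arp`` text format; the sample table, the ``EXPECTED`` baseline and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in Linux /proc/net/arp format (documentation addresses).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         00:00:5e:00:53:99     *        eth0
192.0.2.10       0x1         0x6         00:00:5e:00:53:0a     *        eth0
192.0.2.20       0x1         0x2         00:00:5e:00:53:99     *        eth0
192.0.2.30       0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Constructed baseline: the bindings the administrator expects to see.
EXPECTED = {
    "192.0.2.1": "00:00:5e:00:53:01",   # default gateway
    "192.0.2.10": "00:00:5e:00:53:0a",  # file server
}

ATF_COM, ATF_PERM = 0x02, 0x04  # kernel flags: entry complete / permanent (static)

def parse_proc_net_arp(text):
    """Return (ip, mac, is_static) for every completed entry."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if not flags & ATF_COM:                  # incomplete: no MAC learned yet
            continue
        entries.append((ip, mac, bool(flags & ATF_PERM)))
    return entries

def audit(entries, expected):
    """List findings: baseline mismatches and MACs that answer for several IPs."""
    findings, ips_by_mac = [], defaultdict(list)
    for ip, mac, is_static in entries:
        ips_by_mac[mac].append(ip)
        want = expected.get(ip)
        if want and want.lower() != mac:
            kind = "static" if is_static else "dynamic"
            findings.append(("mismatch", ip, f"{kind} entry {mac}, expected {want}"))
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:                         # review: may also be proxy ARP or a router
            findings.append(("shared-mac", mac, ", ".join(sorted(ips))))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_proc_net_arp(SAMPLE_ARP), EXPECTED):
        print(*finding, sep="\t")
```

On a live Linux host, pass the contents of ``/proc/net/arp`` to ``parse_proc_net_arp`` in place of the sample text.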