How does the "firewall prohibit-ip-spoofing" command actually work?

Aruba Employee
Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.


By default, IP spoofing is enabled via the "firewall prohibit-ip-spoofing" command, which makes the controller deny multiple MAC addresses using same IP address. It means that all traffic from another MAC address with the same IP address that already exists in the user table is denied, and this new user will not be added to the user table. The check is made before adding any IP address to the user table and for each ARP request/response. If any spoofing happens, it will be logged.


#show firewall

Global firewall policies 

Policy Action Rate

Enforce TCP handshake before allowing data Disabled 
Prohibit RST replay attack Disabled 
Deny all IP fragments Disabled 
Prohibit IP Spoofing Enabled 
Monitor ping attack Disabled 
Monitor TCP SYN attack Disabled 
Monitor IP sessions attack Disabled 
Deny inter user bridging Disabled 
Log all received ICMP errors Disabled 
Per-packet logging Disabled 
Session mirror destination Disabled 
Disable Stateful SIP Processing Disabled 
Allow tri-session with DNAT Disabled 
Disable FTP server No 
GRE call id processing Disabled 
Session Idle Timeout Disabled 
VOIP proxy arp Disabled 
WMM content enforcement Disabled 
Session VOIP Timeout Disabled 
Session mirror IPSEC Disabled



Version history
Revision #:
1 of 1
Last update:
‎07-02-2014 08:52 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: