How to configure and troubleshoot "Drop bad ARP" option to prevent ARP attacks in Aruba Instant (IAP)?

Aruba Employee

This article explains the “drop bad ARP feature” introduced in IAP OS version

“Drop bad ARP” is one of the methods of tackling ARP attacks on the network.

For any ARP packet from WiFi, if the ARP sender MAC address and the Ethernet source MAC address are different, the IAP drops the ARP packet and updates the dropped ARP counters.


The configuration and verification steps mentioned in this article are tested on IAP 105 running



Environment : This article applies to all the IAPs running a minimum OS version of


From WebUI:

  1. Navigate to Security > Firewall Settings
  2. Enable the “Drop bad ARP” option from the drop-down.



From CLI:


[Image: rtaImage (1).png]



The “show attack config” command shows whether the “Drop bad ARP” option is enabled or disabled.
The “show attack stats” command shows the number of bad ARP packets that have been dropped.



[Image: rtaImage (2).png]


A packet capture can help to verify why the ARP packets are dropped as shown below:


[Image: rtaImage (3).png]


Here, the Ethernet source MAC and the ARP sender MAC address are different in the sample GARP packet, so the AP will drop it.
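
The same comparison can be run offline against raw frames exported from a capture, to confirm why a given ARP packet counts as "bad". The following Python is an added example, not Aruba's code and not part of the original article; the function names, MAC addresses and IP address are constructed for illustration, and it goes slightly beyond the article by also skipping a single 802.1Q VLAN tag.

```python
import struct

ETH_P_ARP, ETH_P_8021Q = 0x0806, 0x8100

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def check_arp_frame(frame: bytes) -> dict:
    """Classify one raw Ethernet frame: not-arp, malformed, ok or bad-arp."""
    if len(frame) < 14:
        return {"verdict": "malformed"}
    eth_src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == ETH_P_8021Q:  # skip a single 802.1Q tag (TPID + TCI)
        if len(frame) < 18:
            return {"verdict": "malformed"}
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if ethertype != ETH_P_ARP:
        return {"verdict": "not-arp"}
    arp = frame[offset:]
    if len(arp) < 8:  # fixed ARP header: htype, ptype, hlen, plen, oper
        return {"verdict": "malformed"}
    htype, _ptype, hlen, plen, _oper = struct.unpack("!HHBBH", arp[:8])
    # The comparison is only meaningful for 6-byte Ethernet hardware addresses.
    if htype != 1 or hlen != 6 or len(arp) < 8 + 2 * hlen + 2 * plen:
        return {"verdict": "malformed"}
    sender_mac = arp[8:14]  # ARP sender hardware address
    return {
        "verdict": "ok" if sender_mac == eth_src else "bad-arp",
        "eth_src": mac(eth_src),
        "arp_sender": mac(sender_mac),
    }

def build_garp(eth_src: bytes, arp_sender: bytes, ip: bytes) -> bytes:
    """Constructed sample: gratuitous ARP request (sender IP == target IP)."""
    eth = b"\xff" * 6 + eth_src + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return eth + arp + arp_sender + ip + b"\x00" * 6 + ip

# Constructed MAC and IP values, not taken from the article's capture.
CLIENT, OTHER = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
IP = bytes([192, 0, 2, 10])
GOOD, BAD = build_garp(CLIENT, CLIENT, IP), build_garp(CLIENT, OTHER, IP)

if __name__ == "__main__":
    for name, frame in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_arp_frame(frame))
```

A "bad-arp" verdict corresponds to the condition under which the article says the IAP drops the packet and increments the dropped ARP counter.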

Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 07:22 PM