SonicOS 7.3 System


Anti-Spoof Cache

The MAC-IP Anti-Spoof Cache lists all devices currently marked as “authorized” to access the network, and all devices marked as “blacklisted” (denied access to the network).

To add a device to the list

  1. Navigate to the NETWORK | System > MAC-IP Anti-Spoof page.
  2. Click +Add. The Add Anti-Spoof Cache dialog displays.
  3. Select an interface from Interface.

    To populate the Anti-Spoof Cache for Native Bridge members, select the Native Bridge member interface from the Interface drop-down.

  4. Enter the IP address for the device in the IP Address field.
  5. Enter the MAC address for the device in the MAC Address field.
  6. Select the A Router option to allow traffic coming from behind this device.
  7. Select the A blacklisted device option to block packets from this device, regardless of its IP address.
  8. Click Save.

When adding Anti-Spoof Cache entries for Native Bridge member interfaces or L2B interfaces, the cache entry is keyed by {interface, MAC address}. This means the same MAC address can have different entries on different Native Bridge member interfaces.

For Native Bridge and L2B interfaces, the Anti-Spoof Cache can only be populated via static entries (manually or via CLI). The auto-population methods (DHCP Server, DHCP Relay, Static ARP) are not available for these interface types.

Unlike Layer 3 MAC-IP Anti-Spoof, Layer 2 enforcement blocks DHCP and NetBIOS packets by default. If DHCP-dependent devices exist on a Native Bridge member or L2B interface, you must either:

  • Pre-populate the Anti-Spoof Cache with static entries for those devices, or
  • Enable Allow DHCP/NetBios packets when MAC Anti-Spoof at Layer 2 is enabled for that interface.
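
The {interface, MAC address} keying and the Layer 2 DHCP/NetBIOS default described above can be checked against a planned set of static entries before they are entered. The following Python sketch is an added example, not SonicOS code: the interface names, addresses, field names and function names are hypothetical, and it only models the rules stated on this page.

```python
import ipaddress
import re

# Constructed sample data; interface names, addresses and field names are hypothetical.
PLANNED_ENTRIES = [
    {"interface": "X2", "ip": "10.0.2.10", "mac": "00:11:22:AA:BB:01"},
    {"interface": "X3", "ip": "10.0.2.10", "mac": "00-11-22-aa-bb-01"},   # same MAC, other member: separate entry
    {"interface": "X2", "ip": "10.0.2.11", "mac": "0011.22aa.bb01"},      # same {interface, MAC}: collides
    {"interface": "X2", "ip": "10.0.2.300", "mac": "00:11:22:AA:BB:02"},  # invalid IP
]
DHCP_CLIENTS = [  # devices on bridge members that obtain their address by DHCP
    {"interface": "X2", "mac": "00:11:22:aa:bb:01"},
    {"interface": "X3", "mac": "00:11:22:aa:bb:09"},
    {"interface": "X4", "mac": "00:11:22:aa:bb:0a"},
]
ALLOW_DHCP_NETBIOS = {"X2": False, "X3": False, "X4": True}  # per-interface Layer 2 option

def norm_mac(mac):
    """Return the MAC as lowercase colon-separated hex, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def check_plan(entries, dhcp_clients, allow_dhcp):
    """Validate static entries keyed by (interface, MAC); return (cache, problems)."""
    cache, problems = {}, []
    for n, e in enumerate(entries, 1):
        mac = norm_mac(e["mac"])
        try:
            ip = ipaddress.ip_address(e["ip"])
        except ValueError:
            ip = None
        if mac is None or ip is None:
            problems.append(f"entry {n}: malformed IP or MAC")
            continue
        key = (e["interface"], mac)
        if key in cache:  # a second entry for the same key cannot coexist
            problems.append(f"entry {n}: duplicate key {key}")
            continue
        cache[key] = str(ip)
    for d in dhcp_clients:  # DHCP is blocked at Layer 2 unless one of the two remedies applies
        key = (d["interface"], norm_mac(d["mac"]))
        if key not in cache and not allow_dhcp.get(d["interface"], False):
            problems.append(f"DHCP client {key}: no static entry and DHCP/NetBIOS not allowed")
    return cache, problems

CACHE, PROBLEMS = check_plan(PLANNED_ENTRIES, DHCP_CLIENTS, ALLOW_DHCP_NETBIOS)
print(*PROBLEMS, sep="\n")
```

MAC addresses are normalized before comparison so that the same address written with different separators or letter case is recognized as the same key.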

If you need to edit an Anti-Spoof cache entry, click the entry’s Edit icon under the Configure column.

You can delete one or more Anti-Spoof Cache entries. To do this, select the checkbox next to each entry, then click Delete MAC-IP Anti-Spoof Cache.

To clear cache statistics

  1. Select the desired devices, then click Reset.

Some packet types bypass MAC-IP Anti-Spoof checking even when the feature is enabled:

  • Non-IP packets.
  • DHCP packets with source IP as 0.
  • Packets from a VPN tunnel.
  • Packets with invalid Unicast IPs as their source IPs.
  • Packets from interfaces where the Management status is not enabled under anti-spoof settings.

The Anti-Spoof Cache Search section provides the ability to search the entries in the cache.

To search the MAC-IP Anti-Spoof Cache

  1. Navigate to the NETWORK | System > MAC-IP Anti-Spoof page.
  2. Enter a search string in the field.
  3. Click Search. Matching entries in the MAC-IP Anti-Spoof cache are displayed.

To clear the Anti-Spoof Cache table and redisplay all entries, click Refresh.