Re: [fw-wiz] Windows dynamic ARP



:Does anyone know a way to turn OFF dynamic ARP on Windows? I'd like to
:set up a network where static ARP entries are the only way to
:communicate.

You might want to consider tweaking the StrictArpUpdate registry entry:
http://technet.microsoft.com/en-us/library/cc739819.aspx

Description: Specifies whether TCP/IP in Windows Server 2003 SP1 will
store in the ARP cache the MAC address of the last ARP reply received
(StrictARPUpdate=0) or the MAC address of the first ARP reply received
(StrictARPUpdate=1). With StrictARPUpdate set to 1, TCP/IP will not
update the MAC address of an existing ARP cache entry if it receives
additional unsolicited ARP replies.

This won't -quite- prevent dynamic ARP entries for new nodes, but with
StrictArpUpdate, you should just be able to add static arp entries for
the rest of the IPs on your subnet without them being overwritten, then
remove and allow them to learn the new arp entry as you introduce new
hosts on the subnet.

--
Michael J. O'Connor mjo@xxxxxxxxxxx http://dojo.mi.org/~mjo/
=--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--=
"Kiss my Converse!" -Master Sho'nuff, the Shogun of Harlem
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards