Troubleshooting ARP IP Conflict on Huawei AR2240 Router and Mitigating It with ACL
This article explains how to diagnose ARP IP‑conflict events on a Huawei AR2240 router, identifies the conflicting MAC address from log entries, and provides step‑by‑step ACL configuration commands to block the offending MAC and restore normal network operation.
The core and floor switches are unmanaged ("dumb") devices, while the gateway resides on the AR router; users connect through two dumb routers in subnets 190.131.1.0/16 and 190.131.3.0/16.
Inspecting the cpu-defend statistics shows packet drops, and the trapbuffer contains multiple ARP IP‑conflict traps, all with the same source MAC address 0017-59de-b688 on interface GigabitEthernet0/0/1.
ARP tables on the AR router (see attached ARP table) list many IP‑MAC bindings, including the conflicting address 190.131.3.131 associated with the same MAC, indicating a possible MAC spoofing attack.
Because the offending MAC cannot be physically located in the live network, the recommended mitigation is to block ARP packets from that MAC using an ACL on the AR router.
Configuration steps:
[Huawei]acl number 4444
[Huawei-acl-L2-4444]rule 5 deny l2-protocol arp source-mac 0017-59de-b688
Apply the ACL inbound on the relevant interface:
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 4444
After applying the ACL, the network traffic returns to normal, confirming that the ARP IP‑conflict issue was resolved by filtering the malicious MAC.
This method is a common practice for handling similar ARP‑based attacks when the attacking device cannot be directly identified.
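The diagnosis step above (one MAC bound to many IPs in the ARP table) can be scripted before any ACL is written. The following is an added example, not part of the original article: it assumes ARP output with the IP in the first column and a Huawei-style MAC in the second, runs on constructed sample rows, and renders the article's ACL commands for each suspect MAC. The function names and the allow parameter are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample rows (assumed column layout of the router's ARP table);
# only 190.131.3.131 and 0017-59de-b688 are taken from the article.
SAMPLE_ARP = """\
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE   INTERFACE
190.131.1.1     00e0-fc00-0001            I -    GE0/0/1
190.131.1.20    0017-59de-b688  18        D-0    GE0/0/1
190.131.3.77    0017-59de-b688  19        D-0    GE0/0/1
190.131.3.131   0017-59de-b688  20        D-0    GE0/0/1
190.131.3.140   5489-98aa-0002  12        D-0    GE0/0/1
"""

MAC = r"(?:[0-9a-f]{4}-){2}[0-9a-f]{4}"
ROW = re.compile(rf"^(\d{{1,3}}(?:\.\d{{1,3}}){{3}})\s+({MAC})\b", re.I)

def ips_by_mac(arp_text):
    """Map each MAC in the table to the sorted list of IPs bound to it."""
    seen = defaultdict(set)
    for line in arp_text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and separator lines do not match and are skipped
            seen[m.group(2).lower()].add(m.group(1))
    return {mac: sorted(ips) for mac, ips in seen.items()}

def suspects(arp_text, threshold=2, allow=()):
    """MACs bound to >= threshold IPs, minus MACs known to hold several IPs."""
    allowed = {a.lower() for a in allow}
    return {mac: ips for mac, ips in ips_by_mac(arp_text).items()
            if len(ips) >= threshold and mac not in allowed}

def acl_commands(mac, acl=4444, rule=5, interface="GigabitEthernet0/0/1"):
    """Render the article's deny-ARP ACL and its inbound binding for one MAC."""
    if not re.fullmatch(MAC, mac, re.I):
        raise ValueError(f"not a Huawei-style MAC: {mac!r}")
    return [f"acl number {acl}",
            f"rule {rule} deny l2-protocol arp source-mac {mac.lower()}",
            f"interface {interface}",
            f"traffic-filter inbound acl {acl}"]

if __name__ == "__main__":
    for mac, ips in suspects(SAMPLE_ARP).items():
        print(f"# {mac} is bound to {len(ips)} IPs: {', '.join(ips)}")
        print("\n".join(acl_commands(mac)))
```

A device that legitimately answers ARP for several addresses will also be listed, so pass its MAC in allow and review the output before applying any generated rule.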
Practical DevOps Architecture