Hi!

Recently, I started delving into ARP Spoofing and ARP Poisoning attacks. Then, I looked into how I could (better) protect my Omada network against this. I saw an option for "ARP Spoofing Defense" in my Omada controller.

I enabled it, did an ARP Spoof, but the router didn't do anything.

Now I see in the specifications of my ER605 that ARP protection only works in Standalone Mode. That makes some sense since it's a budget device. But even the ER7206 (€142), ER707-M2 (€160), and the brand new ER7412-M2 (€200) from August 2024 (!) can only do this in Standalone mode.

For the ER704W-4G (€309) and ER706W (€132) variants, I don’t see an icon for "Sending GARP Packets" and "IP-MAC Binding." Only ARP Scanning has an icon, which means it is only available in Standalone mode.

Is it true that ARP Spoofing Defense works fully in Controller mode for the ER704W-4G and ER706W variants? Is ARP Scanning necessary for this functionality? Why was this choice made? It seems completely illogical to me based on hardware specifications and price.

In addition, I noticed that the specifications of the ER8411 have a *5 next to ARP Inspection, but at the bottom, it doesn't say what *5 means. Did you forget to add that, or does the ER8411 actually support ARP Inspection in Controller mode?