3 arp scanning prevention typical examples, Canning, Revention – QTECH QSW-8300 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru

Москва, Новозаводская ул., 18, стр. 1

144

no anti-arpscan recovery time

Display relative information of debug information and ARP scanning

Command

Explanation

Global configuration mode

anti-arpscan log enable

no anti-arpscan log enable

Enable or disable the log function of ARP

scanning prevention.

anti-arpscan trap enable

no anti-arpscan trap enable

Enable or disable the SNMP Trap function of

ARP scanning prevention.

show anti-arpscan [trust <ip | port |

supertrust-port> | prohibited <ip | port>]

Display

the

state

of

operation

and

configuration of ARP scanning prevention.

Admin Mode

debug anti-arpscan <port | ip>

no debug anti-arpscan <port | ip>

Enable or disable the debug switch of ARP

scanning prevention.

17.3 ARP Scanning Prevention Typical Examples

ARP scanning prevention typical configuration example

In the network topology above, port E1/0/1 of switch B is connected to port E1/0/19 of switch A,

the port E1/0/2 of switch A is connected to file server (IP address is 192.168.1.100/24), and all

the other ports of switch A are connected to common PC. The following configuration can

prevent ARP scanning effectively without affecting the normal operation of the system.

switch A configuration task sequence:

SwitchA(config)#anti-arpscan enable

SwitchA(config)#anti-arpscan recovery time 3600

SwitchA(config)#anti-arpscan trust ip 192.168.1.100 255.255.255.0

switch A

switch B

PC

PC

E1/0/1
E1/0/19

E1/0/

2

Server

192.168.1.100/2

4

E1/0/

2