3 arp scanning prevention typical examples, Canning, Revention – PLANET WGSW-52040 User Manual
Page 242: Ypical, Xamples
27.3 ARP Scanning Prevention Typical Examples
SWITCH B
E1/1
E1/19
SWITCH A
E1/2
E1/2
PC
Server
192.168.1.100/24
PC
Figure 27-1: ARP scanning prevention typical configuration example
In the network topology above, port E1/1 of SWITCH B is connected to port E1/19 of SWITCH
A, the port E1/2 of SWITCH A is connected to file server (IP address is 192.168.1.100/24), and
all the other ports of SWITCH A are connected to common PC. The following configuration can
prevent ARP scanning effectively without affecting the normal operation of the system.
SWITCH A configuration task sequence:
SwitchA(config)#anti-arpscan enable
SwitchA(config)#anti-arpscan recovery time 3600
SwitchA(config)#anti-arpscan trust ip 192.168.1.100 255.255.255.0
SwitchA(config)#interface ethernet1/2
SwitchA (Config-If-Ethernet1/2)#anti-arpscan trust port
SwitchA (Config-If-Ethernet1/2)#exit
SwitchA(config)#interface ethernet1/19
SwitchA (Config-If-Ethernet1/19)#anti-arpscan trust supertrust-port
Switch A(Config-If-Ethernet1/19)#exit
SWITCHB configuration task sequence:
Switch B(config)# anti-arpscan enable
SwitchB(config)#interface ethernet1/1
SwitchB(Config-If-Ethernet1/1)#anti-arpscan trust port
SwitchB(Config-If-Ethernet1/1)exit
27-21