Chapter 18 commands for arp scanning prevention, 1 anti-arpscan enable, 2 anti-arpscan port-based threshold – PLANET XGS3-24040 User Manual

18-1

Chapter 18 Commands for ARP

Scanning Prevention

18.1 anti-arpscan enable

Command:

anti-arpscan enable

no anti-arpscan enable

Function:

Globally enable ARP scanning prevention function; “no anti-arpscan enable” command globally

disables ARP scanning prevention function.

Parameters:

None.

Default Settings:

Disable ARP scanning prevention function.

Command Mode:

Global configuration mode

User Guide:

When remotely managing a switch with a method like telnet, users should set the uplink port as a

Super Trust port before enabling anti-ARP-scan function, preventing the port from being shutdown

because of receiving too many ARP messages. After the anti-ARP-scan function is disabled, this

port will be reset to its default attribute, that is, Untrust port.

Example:

Enable the ARP scanning prevention function of the switch.

Switch(config)#anti-arpscan enable

18.2 anti-arpscan port-based threshold

Command:

anti-arpscan port-based threshold <threshold-value>

no anti-arpscan port-based threshold

Function:

Set the threshold of received messages of the port-based ARP scanning prevention. If the rate of

received ARP messages exceeds the threshold, the port will be closed. The unit is packet/second.

The “no anti-arpscan port-based threshold” command will reset the default value, 10

packets/second.

Parameters:

rate threshold, ranging from 2 to 200.

Default Settings:

10 packets /second.

Command Mode:

Global Configuration Mode.