Chapter 20 commands for arp scanning prevention, 1 anti-arpscan enable, 2 anti-arpscan port-based threshold – PLANET XGS3-24042 User Manual

20-1

Chapter 20 Commands for ARP

Scanning Prevention

20.1 anti-arpscan enable

Command:

anti-arpscan enable

no anti-arpscan enable

Function:

Globally enable ARP scanning prevention function; “no anti-arpscan enable” command globally

disables ARP scanning prevention function.

Default Settings:

Disable ARP scanning prevention function.

Command Mode:

Global configuration mode

User Guide:

When remotely managing a switch with a method like telnet, users should set the uplink port as a

Super Trust port before enabling anti-ARP-scan function, preventing the port from being shutdown

because of receiving too many ARP messages. After the anti-ARP-scan function is disabled, this

port will be reset to its default attribute, that is, Untrust port.

Example:

Enable the ARP scanning prevention function of the switch.

Switch(config)#anti-arpscan enable

20.2 anti-arpscan port-based threshold

Command:

anti-arpscan port-based threshold <threshold-value>

no anti-arpscan port-based threshold

Function:

Set the threshold of received messages of the port-based ARP scanning prevention. If the rate of

received ARP messages exceeds the threshold, the port will be closed. The unit is packet/second.

The “no anti-arpscan port-based threshold” command will reset the default value, 10

packets/second.