4 anti-arpscan trust, 5 anti-arpscan trust ip, Anti – PLANET XGS3-24042 User Manual

20-3

20.4 anti-arpscan trust

Command:

anti-arpscan trust [port | supertrust-port]

no anti-arpscan trust [port | supertrust-port]

Function:

Configure a port as a trusted port or a super trusted port;” no anti-arpscan trust <port |

supertrust-port>”command will reset the port as an untrusted port.

Default Settings:

By default all the ports are non- trustful.

Command Mode:

Port configuration mode

User Guide:

If a port is configured as a trusted port, then the ARP scanning prevention function will not deal with

this port, even if the rate of received ARP messages exceeds the set threshold, this port will not be

closed, but the non- trustful IP of this port will still be checked. If a port is set as a super non- trustful

port, then neither the port nor the IP of the port will be dealt with. If the port is already closed by ARP

scanning prevention, it will be opened right after being set as a trusted port.

When remotely managing a switch with a method like telnet, users should set the uplink port as a

Super Trust port before enabling anti-ARP-scan function, preventing the port from being shutdown

because of receiving too many ARP messages. After the anti-ARP-scan function is disabled, this

port will be reset to its default attribute, that is, Untrust port.

Example:

Set port ethernet 1/0/5 of the switch as a trusted port.

Switch(config)#in e1/0/5

Switch(Config-If-Ethernet1/0/5)# anti-arpscan trust port

20.5 anti-arpscan trust ip

Command:

anti-arpscan trust ip <ip-address> [<netmask>]

no anti-arpscan trust ip <ip-address> [<netmask>]

Function:

Configure trusted IP; ”no anti-arpscan trust ip <ip-address> [<netmask>]”command reset the IP

to non-trustful IP.

Parameters: