3 arp scanning prevention typical examples, Canning, Revention – QTECH QSW-8300 Инструкция по настройке User Manual
Page 145: Ypical, Xamples
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
144
no anti-arpscan recovery time
Display relative information of debug information and ARP scanning
Command
Explanation
Global configuration mode
anti-arpscan log enable
no anti-arpscan log enable
Enable or disable the log function of ARP
scanning prevention.
anti-arpscan trap enable
no anti-arpscan trap enable
Enable or disable the SNMP Trap function of
ARP scanning prevention.
show anti-arpscan [trust
supertrust-port> | prohibited
Display
the
state
of
operation
and
configuration of ARP scanning prevention.
Admin Mode
debug anti-arpscan
no debug anti-arpscan
Enable or disable the debug switch of ARP
scanning prevention.
17.3 ARP Scanning Prevention Typical Examples
ARP scanning prevention typical configuration example
In the network topology above, port E1/0/1 of switch B is connected to port E1/0/19 of switch A,
the port E1/0/2 of switch A is connected to file server (IP address is 192.168.1.100/24), and all
the other ports of switch A are connected to common PC. The following configuration can
prevent ARP scanning effectively without affecting the normal operation of the system.
switch A configuration task sequence:
SwitchA(config)#anti-arpscan enable
SwitchA(config)#anti-arpscan recovery time 3600
SwitchA(config)#anti-arpscan trust ip 192.168.1.100 255.255.255.0
switch A
switch B
PC
PC
E1/0/1
E1/0/19
E1/0/
2
Server
192.168.1.100/2
4
E1/0/
2