Chapter 13 commands for arp scanning prevention, 1 anti-arpscan enable, 2 anti-arpscan port-based threshold – PLANET WGSW-50040 User Manual

Commands for Security Function Chapter 6 Commands for TACACS+

Chapter 13 Commands for

ARP Scanning Prevention

13.1 anti-arpscan enable

Command:

anti-arpscan enable

no anti-arpscan enable

Function:

Globally enable ARP scanning prevention function; “no anti-arpscan enable” command globally

disables ARP scanning prevention function.

Default Settings:

Disable ARP scanning prevention function.

Command Mode:

Global configuration mode

User Guide:

When remotely managing a switch with a method like telnet, users should set the uplink port as a

Super Trust port before enabling anti-ARP-scan function, preventing the port from being shutdown

because of receiving too many ARP messages. After the anti-ARP-scan function is disabled, this

port will be reset to its default attribute, that is, Untrust port.

Example:

Enable the ARP scanning prevention function of the switch.

Switch(config)#anti-arpscan enable

13.2 anti-arpscan port-based threshold

Command:

anti-arpscan port-based threshold

no anti-arpscan port-based threshold

Function:

Set the threshold of received messages of the port-based ARP scanning prevention. If the rate of

received ARP messages exceeds the threshold, the port will be closed. The unit is packet/second.

The “no anti-arpscan port-based threshold” command will reset the default value, 10

packets/second.