beautypg.com

3 arp scanning prevention typical examples, Canning, Revention – PLANET WGSW-52040 User Manual

Page 242: Ypical, Xamples

background image

27.3 ARP Scanning Prevention Typical Examples

SWITCH B

E1/1
E1/19

SWITCH A

E1/2

E1/2

PC

Server

192.168.1.100/24

PC

Figure 27-1: ARP scanning prevention typical configuration example

In the network topology above, port E1/1 of SWITCH B is connected to port E1/19 of SWITCH

A, the port E1/2 of SWITCH A is connected to file server (IP address is 192.168.1.100/24), and

all the other ports of SWITCH A are connected to common PC. The following configuration can

prevent ARP scanning effectively without affecting the normal operation of the system.

SWITCH A configuration task sequence:

SwitchA(config)#anti-arpscan enable

SwitchA(config)#anti-arpscan recovery time 3600

SwitchA(config)#anti-arpscan trust ip 192.168.1.100 255.255.255.0

SwitchA(config)#interface ethernet1/2

SwitchA (Config-If-Ethernet1/2)#anti-arpscan trust port

SwitchA (Config-If-Ethernet1/2)#exit

SwitchA(config)#interface ethernet1/19

SwitchA (Config-If-Ethernet1/19)#anti-arpscan trust supertrust-port

Switch A(Config-If-Ethernet1/19)#exit

SWITCHB configuration task sequence:

Switch B(config)# anti-arpscan enable

SwitchB(config)#interface ethernet1/1

SwitchB(Config-If-Ethernet1/1)#anti-arpscan trust port

SwitchB(Config-If-Ethernet1/1)exit

27-21

See also other documents in the category PLANET Routers: