beautypg.com

3 arp scanni ng prevention typical examples, Canning, Revention – PLANET XGS3-24042 User Manual

Page 213: Ypical, Xamples, 3 arp scanning prevention typical examples

background image

23-50

anti-arpscan log enable

no anti-arpscan log enable

Enable or disable the log function of ARP

scanning prevention.

anti-arpscan trap enable

no anti-arpscan trap enable

Enable or disable the SNMP Trap function

of ARP scanning prevention.

show anti-arpscan [trust

supertrust-port> | prohibited ]

Display the state of operation and

configuration of ARP scanning prevention.

Admin Mode

debug anti-arpscan

no debug anti-arpscan

Enable or disable the debug switch of ARP

scanning prevention.

23.3 ARP Scanning Prevention Typical Examples

Figure 23-1 ARP scanning prevention typical configuration example

In the network topology above, port E1/0/1 of SWITCH B is connected to port E1/0/19 of SWITCH A, the port

E1/0/2 of SWITCH A is connected to file server (IP address is 192.168.1.100/24), and all the other ports of

SWITCH A are connected to common PC. The following configuration can prevent ARP scanning effectively

without affecting the normal operation of the system.

SWITCH A configuration task sequence:

SwitchA(config)#anti-arpscan enable

SwitchA(config)#anti-arpscan recovery time 3600

SwitchA(config)#anti-arpscan trust ip 192.168.1.100 255.255.255.0

SwitchA(config)#interface ethernet1/0/2

SwitchA (Config-If-Ethernet1/0/2)#anti-arpscan trust port

SwitchA (Config-If-Ethernet1/0/2)#exit

SwitchA(config)#interface ethernet1/0/19

SwitchA (Config-If-Ethernet1/0/19)#anti-arpscan trust supertrust-port

Switch A(Config-If-Ethernet1/0/19)#exit

SWITCH A

SWITCH B

PC

PC

E1/0/1
E1/0/19

E1/0/2

Server

192.168.1.100/24

E1/0/2

This manual is related to the following products:
See also other documents in the category PLANET Routers: