336
DCS-3950 series Ethernet switch manual
Global Mode
anti-arpscan log enable
no anti-arpscan log enable
Enable or disable the log function of ARP
scanning prevention
anti-arpscan trap enable
no anti-arpscan trap enable
Enable or disable the SNMP Trap
function of ARP scanning prevention
show anti-arpscan [trust
<ip|port|supertrust-port> | prohibited
<ip|port>]
Display the state of operation and
configuration of ARP scanning
prevention
debug anti-arpscan <port|ip>
no debug anti-arpscan <port|ip>
Enable or disable the debug switch of
ARP scanning prevention
21.2.2 ARP Scanning Prevention Command List
21.2.2.1 anti-arpscan enable
Command:anti-arpscan enable
no anti-arpscan enable
Function:Globally enable ARP scanning prevention function; ‘no anti-arpscan enable’
command globally disables ARP scanning prevention function.
Parameters:None.
Default:Disable ARP scanning prevention function.
Command mode:Global Mode
User Guide:None
Example:Enable the ARP scanning prevention function of the switch
Switch(Config)#anti-arpscan enable
21.2.2.2 anti-arpscan port-based threshold <threshold-value>
Command:anti-arpscan port-based threshold <threshold-value>
no anti-arpscan port-based threshold
Function:Set the threshold of received messages of the port-based ARP scanning
prevention. If the rate of received ARP messages exceeds the threshold, the port will be
closed. The unit is packet/second. The ‘no anti-arpscan port-based threshold’ command
will reset the default value, 5 packets per second.
Parameters:rate threshold, ranging from 2 to 200.
Default:5 packets per second
Command mode:Global Mode
User Guide:The threshold of port-based ARP scanning prevention should be larger than
the threshold of IP-based ARP scanning prevention, or, the IP-based ARP scanning
prevention will fail.
Example : Set the threshold of port-based ARP scanning prevention as10
packets/second.
Switch(Config)#anti-arpscan port-based threshold 20
To Next Page
Loading...
Need help?
General