188
Chapter 16 Commands for ARP
Scanning Prevention
16.1 anti-arpscan enable
Command: anti-arpscan enable
no anti-arpscan enable
Function: Globally enable ARP scanning prevention function; ―no anti-arpscan enable‖
command globally disables ARP scanning prevention function.
Parameters: None.
Default Settings: Disable ARP scanning prevention function.
Command Mode: Global configuration mode
User Guide: When remotely managing a switch with a method like telnet, users should
set the uplink port as a Super Trust port before enabling anti-ARP-scan function,
preventing the port from being shutdown because of receiving too many ARP messages.
After the anti-ARP-scan function is disabled, this port will be reset to its default attribute,
that is, Untrust port.
Example: Enable the ARP scanning prevention function of the switch.
Switch(config)#anti-arpscan enable
16.2 anti-arpscan port-based threshold
Command: anti-arpscan port-based threshold <threshold-value>
no anti-arpscan port-based threshold
Function: Set the threshold of received messages of the port-based ARP scanning
prevention. If the rate of received ARP messages exceeds the threshold, the port will be
closed. The unit is packet/second. The ―no anti-arpscan port-based threshold‖ command
will reset the default value, 10 packets/second.
Parameters: rate threshold, ranging from 2 to 200.
Default Settings: 10 packets /second.
Command Mode: Global Configuration Mode.
User Guide: the threshold of port-based ARP scanning prevention should be larger than
the threshold of IP-based ARP scanning prevention, or, the IP-based ARP scanning
prevention will fail.
To Next Page
Loading...
