23-50
anti-arpscan log enable
no anti-arpscan log enable
Enable or disable the log function of ARP
anti-arpscan trap enable
no anti-arpscan trap enable
Enable or disable the SNMP Trap function
of ARP scanning prevention.
show anti-arpscan [trust <ip | port |
supertrust-port> | prohibited <ip | port>]
Display the state of operation and
configuration of ARP scanning prevention.
debug anti-arpscan <port | ip>
no debug anti-arpscan <port | ip>
Enable or disable the debug switch of ARP
23.3 ARP Scanning Prevention Typical Examples
Figure 23-1 ARP scanning prevention typical configuration example
In the network topology above, port E1/0/1 of SWITCH B is connected to port E1/0/19 of SWITCH A, the port
E1/0/2 of SWITCH A is connected to file server (IP address is 192.168.1.100/24), and all the other ports of
SWITCH A are connected to common PC. The following configuration can prevent ARP scanning effectively
without affecting the normal operation of the system.
SWITCH A configuration task sequence:
SwitchA(config)#anti-arpscan enable
SwitchA(config)#anti-arpscan recovery time 3600
SwitchA(config)#anti-arpscan trust ip 192.168.1.100 255.255.255.0
SwitchA(config)#interface ethernet1/0/2
SwitchA (Config-If-Ethernet1/0/2)#anti-arpscan trust port
SwitchA (Config-If-Ethernet1/0/2)#exit
SwitchA(config)#interface ethernet1/0/19
SwitchA (Config-If-Ethernet1/0/19)#anti-arpscan trust supertrust-port
Switch A(Config-If-Ethernet1/0/19)#exit
SWITCH A
SWITCH B
PC PC
E1/0/1
E1/0/19
E1/0/2
192.168.1.100/24
E1/0/2
To Next Page
Loading...
