SNR S2940-8G-v2 Switch Configuration Guide
ARP Scanning Prevention Function Configuration
6. Display relative information of debug information and ARP scanning
Command Explanation
Global configuration mode
anti-arpscan log enable
no anti-arpscan log enable
Enable or disable the log function of ARP scan-
ning prevention.
anti-arpscan trap enable
no anti-arpscan trap enable
Enable or disable the SNMP Trap function of
ARP scanning prevention.
show anti-arpscan [trust <ip | port |
supertrust-port> | prohibited <ip | port>]
Display the state of operation and configuration
of ARP scanning prevention.
Admin Mode
debug
anti-arpscan
<port
|
ip>
no
debug
anti-arpscan
<port
|
ip>
Enable or disable the debug switch of ARP scan-
ning prevention.
30.3 ARP Scanning Prevention Typical Examples
Figure 30.1: ARP scanning prevention typical configuration example
In the network topology above, port E1/0/1 of SWITCH B is connected to port E1/0/19 of
SWITCH A, the port E1/0/2 of SWITCH A is connected to file server (IP address is 192.168.1.100/24),
and all the other ports of SWITCH A are connected to common PC. The following configuration
can prevent ARP scanning effectively without affecting the normal operation of the system.
SWITCH A configuration task sequence:
SwitchA(config)#anti-arpscan enable
SwitchA(config)#anti-arpscan recovery time 3600
SwitchA(config)#anti-arpscan trust ip 192.168.1.100 255.255.255.0
SwitchA(config)#interface ethernet1/0/2
SwitchA(Config-If-Ethernet1/0/2)#anti-arpscan trust port
209
To Next Page
Loading...
General