Configuring Arp Defend - TP-Link T1600G-18TS Configuration Manual

Configuring Network Security
Switch(config)#ip arp inspection
Switch(config)#interface gigabitEthernet 1/0/1
Switch(config-if)#ip arp inspection trust
Switch(config-if)#show ip arp inspection
ARP detection global status: Enabled
Port Trusted
Gi1/0/1 YES
Gi1/0/2 NO
......
Switch(config-if)#end
Switch#copy running-config startup-config

4.2.2 Configuring ARP Defend

With ARP Defend enabled, the switch can terminate receiving the ARP packets for 300
seconds when the transmission speed of the legal ARP packet on the port exceeds the
defined value so as to avoid ARP Attack flood.
Follow these steps to configure ARP Defend:
Step 1
Step 2
Step 3
Step 4
Step 5
configure
Enter global configuration mode.
interface { fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range
gigabitEthernet port-list }
Enter interface configuration mode.
ip arp inspection
Enable the ARP defend feature on the port.
ip arp inspection limit-rate value
Specify the maximum number of the ARP packets can be received on the port per second.
Specify the limit rate value. The valid values are from 10 to 100 pps (packets/second),
value:
and the default value is 15.
show ip arp inspection interface
(Optional) View the configurations and status of the ports.
ARP Inspection Configurations
Configuration Guide 564