Table of Contents
Advertisement
anti-arpscan log enable
no anti-arpscan log enable
anti-arpscan trap enable
no anti-arpscan trap enable
show anti-arpscan [trust <ip | port |
supertrust-port> | prohibited <ip | port>]
Admin Mode
debug anti-arpscan <port | ip>
no debug anti-arpscan <port | ip>
16.3 ARP Scanning Prevention Typical Examples
Figure 16-1 ARP scanning prevention typical configuration example
In the network topology above, port E1/1 of SWITCH B is connected to port E1/19 of SWITCH A, the port E1/2
of SWITCH A is connected to file server (IP address is 192.168.1.100), and all the other ports of SWITCH A
are connected to common PC. The following configuration can prevent ARP scanning effectively without
affecting the normal operation of the system.
SWITCH A configuration task sequence:
SwitchA(config)#anti-arpscan enable
SwitchA(config)#anti-arpscan recovery time 3600
SwitchA(config)#anti-arpscan trust ip 192.168.1.0 255.255.255.0
SwitchA(config)#interface ethernet1/2
SwitchA (Config-If-Ethernet1/2)#anti-arpscan trust port
SwitchA (Config-If-Ethernet1/2)#exit
SwitchA(config)#interface ethernet1/19
SwitchA (Config-If-Ethernet1/19)#anti-arpscan trust supertrust-port
Switch A(Config-If-Ethernet1/19)#exit
Enable or disable the log function of ARP
scanning prevention.
Enable or disable the SNMP Trap function
of ARP scanning prevention.
Display
configuration of ARP scanning prevention.
Enable or disable the debug switch of ARP
scanning prevention.
E1/1
E1/19
E1/2
E1/2
PC
Server
192.168.1.100/24
16-3
the
state
of
operation
SWITCH B
SWITCH A
PC
and
Advertisement
Table of Contents
Troubleshooting
