Anti-Arpscan - ZyXEL Communications XS3800-28 Cli Reference Manual

Use these commands to configure anti-Arpscan on the Switch.
5.1 Anti-Arpscan Overview
Address Resolution Protocol (ARP), RFC 826, is a protocol used to convert a network-layer IP address to a link-layer MAC address. An ARP scan probes the network attached to an interface for live hosts and lists the IP address and MAC address of every host it finds. Hackers could use an ARP scan to find targets in your network. Anti-arpscan detects unusual ARP scan activity and blocks the suspicious hosts or ports.

Unusual ARP scan activity is determined by the port and host thresholds that you set. The port threshold is the number of packets received per second on a port. If the received packet rate exceeds the threshold, the port is put into the Err-Disable state. You can manually restore the port to its normal state after you identify the cause of the problem.

The host threshold is the number of ARP-request packets received per second from a host; a single global threshold rate applies to all hosts. If a host's rate exceeds the threshold, that host is blocked by a MAC address filter. A blocked host is released automatically after the MAC aging time expires.

Note: The port-based threshold must be larger than the host-based threshold, or the host-based threshold will not take effect.
5.2 Command Summary
The following section lists the commands for this feature.
Table 12 anti arpscan Command Summary
(Columns: COMMAND, DESCRIPTION, M = command mode (C = configuration mode), P = privilege level)

COMMAND: anti arpscan
DESCRIPTION: Enables Anti-arpscan on the Switch.
M: C    P: 13

COMMAND: anti arpscan host threshold <2-100>
DESCRIPTION: Sets the maximum number of ARP-request packets allowed by a host before it is blocked. If the rate of a host is over the threshold, then that host is blocked by using a MAC address filter. A blocked host is released automatically after the MAC aging time expires.
M: C    P: 13

COMMAND: anti arpscan port threshold <2-255>
DESCRIPTION: Sets the maximum number of packets per second allowed on the port before it is blocked.
M: C    P: 13

COMMAND: anti arpscan trust host <ip-address> <mask> [ name <name> ]
DESCRIPTION: Creates a trusted host identified by IP address and subnet mask. Anti-arpscan is not performed on trusted hosts.
M: C    P: 13

Ethernet Switch CLI Reference Guide, Chapter 5 Anti-Arpscan, page 30
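The following is an added configuration example, not taken from the guide, showing a setting that violates the note in Section 5.1 beside a corrected one. It assumes the commands are entered in configuration mode (the M = C column of Table 12); lines starting with # are annotations, not CLI input, and the trusted-host address and name are placeholders.

```text
# Weak setting: the host threshold is not smaller than the port
# threshold, so a port reaches its limit and is err-disabled before
# any single host can trip the host threshold. The per-host MAC filter
# never takes effect, and one scanning host takes the whole port down.
anti arpscan
anti arpscan host threshold 100
anti arpscan port threshold 100

# Corrected setting: the port threshold is larger than the host
# threshold. A single host sending more than 20 ARP requests per
# second is blocked by a MAC address filter (released after the MAC
# aging time) while the port stays up for other hosts; only an
# aggregate rate above 100 packets per second err-disables the port.
anti arpscan
anti arpscan host threshold 20
anti arpscan port threshold 100

# Exempt a management host (placeholder address) that legitimately
# sends many ARP requests, so it is never blocked by anti-arpscan.
anti arpscan trust host 192.0.2.10 255.255.255.255 name nms
```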
