Commands for ARP Scanning Prevention
from being shut down because of receiving too many ARP messages. After the
anti-ARP-scan function is disabled, this port will be reset to its default attribute, that is,
an untrusted port.
Example: Set port ethernet 4/5 of the switch as a trusted port.
Switch(config)#in e4/5
Switch(Config-If-Ethernet4/5)# anti-arpscan trust port
22.5 anti-arpscan trust ip
Command: anti-arpscan trust ip <ip-address> [<netmask>]
no anti-arpscan trust ip <ip-address> [<netmask>]
Function: Configure a trusted IP; the "no anti-arpscan trust ip <ip-address>
[<netmask>]" command resets the IP to an untrusted IP.
Parameters: <ip-address>: the trusted IP address; <netmask>: the netmask of the
IP.
Default Settings: By default, all IPs are untrusted. The default mask is 255.255.255.255.
Command Mode: Global configuration mode
User Guide: If a port is configured as a trusted port, the ARP scanning prevention
function will not act on this port: even if the rate of received ARP messages exceeds
the set threshold, the port will not be closed. If the port has already been closed by ARP
scanning prevention, its traffic will be restored immediately.
Example: Set 192.168.1.0/24 as trusted IP.
Switch(config)#anti-arpscan trust ip 192.168.1.0 255.255.255.0
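The netmask handling of anti-arpscan trust ip, as an added example (not part of the original manual or the vendor's code): a Python audit helper that parses trust entries from a configuration, applies the default mask of 255.255.255.255 when none is given, and flags entries that exempt large ranges from ARP scanning prevention. The masked-match rule, the sample configuration and the max_hosts limit are assumptions.

```python
import ipaddress

DEFAULT_MASK = "255.255.255.255"  # manual: default mask when <netmask> is omitted

def parse_trusted_ips(config_text):
    """Return the networks named by 'anti-arpscan trust ip' lines."""
    networks = []
    for line in config_text.splitlines():
        words = line.split()
        if words[:3] != ["anti-arpscan", "trust", "ip"] or len(words) not in (4, 5):
            continue  # also skips the 'no anti-arpscan trust ip ...' form
        mask = words[4] if len(words) == 5 else DEFAULT_MASK
        # strict=False accepts an address with host bits set, e.g. 10.0.0.5/24
        networks.append(ipaddress.ip_network(f"{words[3]}/{mask}", strict=False))
    return networks

def is_exempt(source_ip, networks):
    """True if source_ip falls in a trusted entry (assumed masked comparison)."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in networks)

def broad_entries(networks, max_hosts=256):
    """Trusted entries covering more than max_hosts addresses (hypothetical audit limit)."""
    return [net for net in networks if net.num_addresses > max_hosts]

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
anti-arpscan trust ip 192.168.1.0 255.255.255.0
anti-arpscan trust ip 10.0.0.53
anti-arpscan trust ip 172.16.0.0 255.240.0.0
interface ethernet 4/5
 anti-arpscan trust port
"""

if __name__ == "__main__":
    nets = parse_trusted_ips(SAMPLE_CONFIG)
    for ip in ("192.168.1.77", "10.0.0.54", "172.20.3.9"):
        print(ip, "exempt" if is_exempt(ip, nets) else "subject to ARP scanning prevention")
    for net in broad_entries(nets):
        print("review broad trust entry:", net)
```

An entry without a netmask trusts exactly one host, so 10.0.0.54 is not covered by the 10.0.0.53 entry, while the 255.240.0.0 entry exempts over a million addresses and is reported for review.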
22.6 anti-arpscan recovery enable
Command: anti-arpscan recovery enable
no anti-arpscan recovery enable
Function: Enable the automatic recovery function; the "no anti-arpscan recovery enable"
command disables the function.
Parameters: None
Default Settings: The automatic recovery function is enabled.
Command Mode: Global configuration mode
User Guide: If users want the normal state to be restored some time after a port is
closed or an IP is disabled, they can configure this function.
Example: Enable the automatic recovery function of the switch.
Switch(config)#anti-arpscan recovery enable










