![Qtech QSW-8200-52T-AC — настройка предотвращения ARP-сканирования: руководство пользователя [34/47]](/img/pdf.png)
Qtech QSW-8200-52T-AC — настройка предотвращения ARP-сканирования: руководство пользователя [34/47]
Превью страниц
Страница 34 /
47
![Qtech QSW-8200-28F-AC [34/47] Anti arpscan trust](/views2/1596646/page34/bg22.png)
User Manual
Chapter 2. Commands for ARP Scanning Prevention 34
www.qtech.ru
Function: Set the threshold of received messages of the IP-based ARP scanning
prevention. If the rate of received ARP messages exceeds the threshold, the IP
messages from this IP will be blocked. The unit is packet/second. The “no anti-arpscan
ip-based threshold” command will reset the default value, 3 packets/second.
Parameters: rate threshold, ranging from 1 to 200.
Default Settings: 3 packets/second.
Command Mode: Global configuration mode
User Guide: The threshold of port-based ARP scanning prevention should be larger than
the threshold of IP-based ARP scanning prevention, or, the IP-based ARP scanning
prevention will fail.
Example: Set the threshold of IP-based ARP scanning prevention as 6 packets/second.
Switch(config)#anti-arpscan ip-based threshold 6
2.4 anti-arpscan trust
Command: anti-arpscan trust [port | supertrust-port]
no anti-arpscan trust [port | supertrust-port]
Function: Configure a port as a trusted port or a super trusted port;” no anti-arpscan
trust <port | supertrust-port>”command will reset the port as an untrusted port.
Parameters: None.
Default Settings: By default all the ports are non- trustful.
Command Mode: Port configuration mode
User Guide: If a port is configured as a trusted port, then the ARP scanning prevention
function will not deal with this port, even if the rate of received ARP messages exceeds
the set threshold, this port will not be closed, but the non- trustful IP of this port will
still be checked. If a port is set as a super non- trustful port, then neither the port nor
the IP of the port will be dealt with. If the port is already closed by ARP scanning
prevention, it will be opened right after being set as a trusted port.
When remotely managing a switch with a method like telnet, users should set the
uplink port as a Super Trust port before enabling anti-ARP-scan function, preventing the
port from being shutdown because of receiving too many ARP messages. After the anti-
ARP-scan function is disabled, this port will be reset to its default attribute, that is,
Untrust port.
Example: Set port ethernet 1/0/5 of the switch as a trusted port.
Switch(config)#in e1/0/5
Switch(Config-If-Ethernet1/0/5)# anti-arpscan trust port
2.5 anti-arpscan trust ip
Command: anti-arpscan trust ip <ip-address> [<netmask>]
no anti-arpscan trust ip <ip-address> [<netmask>]
Содержание
- Content p.2
- Commands for layer 3 interface 5 p.2
- Commands for ipv4 v6 configuration 7 p.2
- Chapter 1 commands for layer 3 forwarding 5 p.2
- Commands for l3 station movement 32 p.3
- Commands for ip route aggregation 28 p.3
- Commands for arp configuration 28 p.3
- Commands for layer 3 interface p.5
- Chapter 1 commands for layer 3 forwarding p.5
- Commands for ipv4 v6 configuration p.7
- Commands for ip route aggregation p.28
- Commands for arp configuration p.28
- Commands for l3 station movement p.32
- Chapter 2 commands for arp scanning prevention p.33
- Anti arpscan port based threshold p.33
- Anti arpscan ip based threshold p.33
- Anti arpscan enable p.33
- Anti arpscan trust ip p.34
- Anti arpscan trust p.34
- Anti arpscan recovery enable p.35
- Anti arpscan recovery time p.35
- Show anti arpscan p.36
- Anti arpscan trap enable p.36
- Anti arpscan log enable p.36
- Debug anti arpscan p.38
- Ipv6 nd security updateprotect p.39
- Ip arp security updateprotect p.39
- Ip arp security learnprotect p.39
- Chapter 3 commands for preventing arp nd spoofing p.39
- Ipv6 nd security learnprotect p.40
- Ip arp security convert p.40
- Ipv6 nd security convert p.41
- Clear ipv6 nd dynamic p.41
- Clear ip arp dynamic p.41
- Chapter 4 command for arp guard p.42
- Arp guard ip p.42
- Ip local proxy arp p.43
- Chapter 5 command for arp local proxy p.43
- Show ip gratuitous arp p.44
- Ip gratuitous arp p.44
- Configuration p.44
- Chapter 6 commands for gratuitous arp p.44
- Show ip interface p.46
- Keepalive gateway p.46
- Chapter 7 commands for keepalive gateway p.46
- Show keepalive gateway p.47
Похожие устройства
-
Qtech QSW-1500-20EF-POE-ACТехнические характеристики -
Qtech QSW-1500-19EF-POE-AC V3Описание параметров
-
Qtech QSW-1500-10E-POE-DОписание параметров
-
Qtech QSW-1500-6E-POE-DПодробное техническое описание
-
Qtech QSW-4610Инструкция пользователя -
Qtech QSW-3750 REV. RИнструкция пользователя
-
Qtech QSW-3750Руководство по эксплуатации
-
Qtech QSW-3420Инструкция по применению
-
Qtech QSW-9000-01Руководство по управлению -
Qtech QSW-9000-01Руководство по настройке -
Qtech QSW-9000-01Руководство по настройке управления -
Qtech QSW-9000-01Руководство по командам
Узнайте, как настроить порог ARP-сообщений и доверенные порты для предотвращения ARP-сканирования. Подробные инструкции и примеры команд.