Operation Manual
Configuring Network Security ARP Inspection Configurations
Configuration Guide
Switch(config)#interface ten-gigabitEthernet 1/0/1
Switch(config-if)#ip arp inspection trust
Switch(config-if)#show ip arp inspection
ARP detection global status: Enabled
Port Trusted
Te1/0/1 YES
Te1/0/2 NO
......
Switch(config-if)#end
Switch#copy running-config startup-config
4.2.2 Configuring ARP Defend
With ARP Defend enabled, the switch stops receiving ARP packets on a port for 300
seconds when the rate of legal ARP packets on that port exceeds the defined value,
so as to avoid ARP flood attacks.
Follow these steps to configure ARP Defend:
Step 1 configure
Enter global configuration mode.
Step 2 interface { fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list }
Enter interface configuration mode.
Step 3 ip arp inspection
Enable the ARP defend feature on the port.
Step 4 ip arp inspection limit-rate value
Specify the maximum number of ARP packets that can be received on the port per second.
value: Specify the limit rate value. The valid values are from 10 to 100 pps (packets/second),
and the default value is 15.
Step 5 show ip arp inspection interface
(Optional) View the configurations and status of the ports.
Step 6 ip arp inspection recover
(Optional) For ports on which the rate of received ARP packets has exceeded the limit, use
this command to restore the port from Discard status to Normal status.
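The effect of Steps 3 to 6 on a single port, as an added Python model that is not from this guide or the switch firmware: it replays a constructed ARP arrival trace against a chosen limit-rate and reports the Discard periods and how many packets are lost. The per-second counting window, the function names and the trace are assumptions; the 300 seconds, the 10 to 100 pps range and the default of 15 come from the text above.

```python
from collections import namedtuple

BLOCK_SECONDS = 300                    # guide: ARP is not received for 300 seconds
MIN_RATE, MAX_RATE, DEFAULT_RATE = 10, 100, 15   # limit-rate range and default (pps)
Result = namedtuple("Result", "accepted dropped discard_windows")

def simulate_arp_defend(timestamps, limit_rate=DEFAULT_RATE, recover_at=()):
    """Model ARP Defend on one port.
    timestamps: arrival times in seconds of ARP packets on the port.
    recover_at: times at which 'ip arp inspection recover' is issued.
    Assumptions: rate is counted per whole-second bucket, and the packet
    that crosses the limit is itself discarded."""
    if not MIN_RATE <= limit_rate <= MAX_RATE:
        raise ValueError("limit-rate must be 10 to 100 pps")
    accepted = dropped = 0
    windows = []                       # [start, end] of each Discard period
    bucket, count = None, 0
    for t in sorted(timestamps):
        if windows and t < windows[-1][1]:          # port is in Discard status
            manual = [r for r in sorted(recover_at) if windows[-1][0] <= r <= t]
            if not manual:
                dropped += 1
                continue
            windows[-1][1] = manual[0]              # operator restored Normal status
            bucket, count = None, 0
        if int(t) != bucket:
            bucket, count = int(t), 0
        count += 1
        if count > limit_rate:                      # rate exceeded: enter Discard
            windows.append([t, t + BLOCK_SECONDS])
            dropped += 1
        else:
            accepted += 1
    return Result(accepted, dropped, [tuple(w) for w in windows])

def constructed_trace():
    """Constructed sample: 5 ARP/s for 10 s, a 40-packet burst in second 10,
    then 1 ARP/s of ordinary traffic until t=400."""
    baseline = [s + k / 5 for s in range(10) for k in range(5)]
    burst = [10 + i / 40 for i in range(40)]
    steady = [float(s) for s in range(11, 401)]
    return baseline + burst + steady

if __name__ == "__main__":
    for rate, rec in [(15, ()), (15, (20,)), (50, ())]:
        print(rate, rec, simulate_arp_defend(constructed_trace(), rate, rec))
```

In this trace the default limit-rate of 15 turns one 40-packet burst into 300 seconds without ARP on the port, which is why the limit is best sized against the port's observed ARP baseline before the feature is enabled.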