1. Home
  2. Zyxel
  3. Zyxel XGS2220-54FP-GB0101F User Manual
  4. Page 524

Zyxel XGS2220-54FP-GB0101F XGS2220-54FP 48-Port GbE L3 Access PoE+ Switch with 6 10G Uplink

Zyxel XGS2220 Series User Guide - Page 524

For XGS2220-54FP-GB0101F.

PDF File Manual, 727 pages, Read Online | Download pdf file

XGS2220-54FP-GB0101F photo
Loading ...
Loading ...
Loading ...
Chapter 70 Anti-Arpscan
XGS2220 Series User’s Guide
524
CHAPTER 70
Anti-Arpscan
70.1 Anti-Arpscan Overview
Address Resolution Protocol (ARP), RFC 826, is a protocol used to convert a network-layer IP address to a
link-layer MAC address. ARP scan is used to scan the network of a certain interface for alive hosts. It
shows the IP address and MAC addresses of all hosts found. Hackers could use ARP scan to find targets
in your network. Anti-arpscan is used to detect unusual ARP scan activity and block suspicious hosts or
ports.
Unusual ARP scan activity is determined by port and host thresholds that you set. A port threshold is
determined by the number of packets received per second on the port. If the received packet rate is
over the threshold, then the port is put into an Err-Disable state. You can recover the normal state of the
port manually if this happens and after you identify the cause of the problem.
A host threshold is determined by the number of ARP-request packets received per second. There is a
global threshold rate for all hosts. If the rate of a host is over the threshold, then that host is blocked by
using a MAC address filter. A blocked host is released automatically after the MAC aging time expires.
Note: A port-based threshold must be larger than the host-based threshold or the host-based
threshold will not work.
70.1.1 What You Can Do
Use the Anti-Arpscan Status screen (Section 70.2 on page 525) to see what ports are trusted and are
forwarding traffic or are disabled.
Use the Anti-Arpscan Host Status screen (Section 70.3 on page 526) to view blocked hosts and clear
selected ones.
Use this Anti-Arpscan Setup screen (Section 70.4 on page 527) to enable anti-arpscan, set port and
host thresholds as well as configure ports to be trusted or untrusted.
Use the Anti-Arpscan Trust Host screen (Section 70.5 on page 529) to create or remove trusted hosts
identified by IP address and subnet mask. Anti-arpscan is not performed on trusted hosts.
70.1.2 What You Need to Know
You should set an uplink port as a trusted port before enabling Anti-arpscan so as to prevent the port
from being shutdown due to receiving too many ARP messages.
When a port is configured as a trusted port, Anti-arpscan is not performed on the port. Both host and
port thresholds are ignored for trusted ports. If the received ARP packet rate on a port or the received
ARP-requests from a host exceed the thresholds, the trusted port will not be closed.
If a port on the Switch is closed by Anti-arpscan, and you want to recover it, then do one of the
following:
Loading ...
Loading ...
Loading ...