TP-Link TL-ER604W manual Firewall, Anti ARP Spoofing, IP-MAC Binding


3.5 Firewall

3.5.1 Anti ARP Spoofing

ARP (Address Resolution Protocol) is used for analyzing and mapping IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly.

ARP translates an IP address into the corresponding MAC address and maintains an ARP table that stores the most recently used IP-to-MAC address mappings. It allows hosts on the same network segment to communicate with one another and to reach external networks through the gateway. However, because ARP was designed on the premise that all hosts and gateways are trusted, it carries high security risks when deployed in real, complex networks.

An attacker may send ARP spoofing packets that carry false IP-to-MAC address mappings. A device that receives these packets automatically updates its ARP table with the wrong entries, which breaks normal communication. ARP defense technology was developed to protect the network against this kind of attack.

3.5.1.1 IP-MAC Binding

IP-MAC Binding binds the IP address and MAC address of a host together and allows only the hosts that match the bound entries to access the network.
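The check that IP-MAC Binding describes can be run as an audit on any Linux host. The following Python code is an added example, not part of the TP-Link manual and not the router's implementation; the binding table, the sample `ip neigh show` output, the function names and the `strict` switch are all constructed for illustration.

```python
import re

# Constructed binding table (IP -> MAC), standing in for the bound entries.
BINDINGS = {
    "192.168.0.1": "00:11:22:33:44:55",    # gateway
    "192.168.0.10": "00:11:22:aa:bb:01",
    "192.168.0.11": "00:11:22:aa:bb:02",
}

# Constructed sample in the format printed by Linux `ip neigh show`.
SAMPLE_NEIGH = """\
192.168.0.1 dev eth0 lladdr 00:11:22:aa:bb:02 REACHABLE
192.168.0.10 dev eth0 lladdr 00:11:22:AA:BB:01 STALE
192.168.0.11 dev eth0 lladdr 00:11:22:aa:bb:02 REACHABLE
192.168.0.50 dev eth0 lladdr 00:11:22:cc:dd:03 DELAY
192.168.0.60 dev eth0 FAILED
"""

NEIGH_RE = re.compile(r"^(\d+(?:\.\d+){3}) dev \S+ lladdr ([0-9A-Fa-f:]{17})\b")


def parse_neigh(text):
    """Return (ip, mac) pairs; entries with no lladdr (FAILED) are skipped."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def audit(entries, bindings, strict=True):
    """Compare observed IP-to-MAC mappings with the bound entries.

    MISMATCH  - a bound IP is claimed by a different MAC (spoofing indicator)
    MAC_MOVED - a bound MAC is answering for an IP it is not bound to
    UNBOUND   - no binding exists; reported only when strict is True,
                mirroring "only hosts matching the bound entries"
    """
    bound = {ip: mac.lower() for ip, mac in bindings.items()}
    bound_macs = set(bound.values())
    findings = []
    for ip, mac in entries:
        if ip in bound:
            if bound[ip] != mac:
                findings.append((ip, mac, "MISMATCH"))
        elif mac in bound_macs:
            findings.append((ip, mac, "MAC_MOVED"))
        elif strict:
            findings.append((ip, mac, "UNBOUND"))
    return findings
```

In the sample, the gateway address 192.168.0.1 resolves to the MAC bound to 192.168.0.11, which is the table state a spoofed ARP reply leaves behind.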

Choose the menu Firewall→Anti ARP Spoofing→IP-MAC Binding to load the following page.

Figure 3-50 IP-MAC Binding

The following items are displayed on this screen:

General
