Manuals / D-Link / Computer Equipment / Switch

D-Link DES-3018 manual IP-MAC-Port Binding Impb

Models: DES-3018

1 260

Download 260 pages 53.54 Kb

Page 68

DES-3010F/DES-3010FL/DES-3010G/DES-3016/DES-3018/DES-3026 Fast Ethernet Switch Manual

IP-MAC-Port Binding (IMPB)

The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict the access to a switch to a number of authorized users. Only the authorized client can access the Switch’s port by checking the pair of IP-MAC addresses with the pre- configured database. If an unauthorized user tries to access an IP-MAC binding enabled port, the system will block the access by dropping its packet. The maximum number of IP-MAC binding entries is dependant on chip capability (e.g. the ARP table size) and storage size of the device. The maximum number of IP-MAC Binding entries is 500. The creation of authorized users can be manually configured by CLI or Web. The function is port-based, this means a user can enable or disable the function on the individual port.

IP-MAC-Port Binding (IMPB)

The IP-MAC Ports Settings menu is used to enable IP-MAC binding on a per port basis. Ports that are enabled will apply the IP-MAC check to ingress packets for the port. The IP-MAC database used for the check must be set up with the IP-MAC-Port Binding Table (see below).

This table is used to enable or disable IP-MAC binding on specific ports. Select a port or a range of ports with the From and To fields. Enable or disable the port with the State field.

The Zero IP field is used to allow ARP packets entrance to the Switch when these packets have an IP address of 0.0.0.0, regardless of whether or not the 0.0.0.0 IP address is set in the IP-MAC Binding table. When the Zero IP field is set to Disabled, ARP packets containing the 0.0.0.0 IP address are dropped. Click Apply to save changes.

To view this table, click Administration > IP-MAC Binding > IP-MAC Binding Port

55

Image 68

D-Link DES-3018 manual IP-MAC-Port Binding Impb

Contents

Manual Copyright 2008. All rights reserved Table of Contents Snmp Manager Introduction to Web-based Switch ConfigurationAdministration L2 Features Tool TipsSecurity 133 CoS 109CPU Interface Filtering 122 Monitoring 165 Appendix a 200 Appendix B 203 Appendix C 204Appendix D 209 Glossary 210Preface Intended Readers Typographical ConventionsBold font ConventionDescriptionSafety Instructions Safety CautionsGeneral Precautions for Rack-Mountable Products Protecting Against Electrostatic Discharge Introduction Switch DescriptionFeatures If MIB Switching Technology Ethernet TechnologyFast Ethernet Gigabit Ethernet TechnologyPage Front-Panel Components and LED Indicators DES-3010F Front PanelDES-3026 LED indicators LED or Button Power Console Link/Act Speed DescriptionSide Panel Description Rear panels of these switches contain an AC power connectorRear Panel Description Before You Connect to the Network InstallationPackage Contents Installing the Switch without the Rack Installing the Switch in a RackMounting the Switch in a Standard 19 Rack Power OnOptional Modules DEM-301T Optional ModuleUpgraded DES-3018 / DES-3026 are now ready for use Optional Module SlotsConnecting the Switch Switch to End NodeSwitch to Hub or Switch Switch connected to switch using fiber-optic cablingUplink Connection to a server, PC or switch stack Introduction to Switch Management Command Line Console Interface through the Serial PortManagement Options Web-based Management InterfaceTo connect a terminal to the console port First Time Connecting to the Switch Initial screen, first time connecting to the SwitchPassword Protection Snmp SettingsTraps MIBsShow switch command IP Address AssignmentConnecting Devices to the Switch Assigning the Switch an IP AddressLogging on to the Web Manager Introduction to Web-based Switch ConfigurationIntroduction Web-based User Interface Areas of the User InterfaceArea AreaArea Function Web Pages Administration Device Information Device Information screenIP Address Parameter DescriptionClick Apply to implement changes made Setting the Switchs IP Address using the Console Interface Port Configuration Port SettingsFollowing parameters can be configured Click Apply to implement the new settings on the SwitchParameter Description State Speed/DuplexPort Description Setting and Port Description Table Port DescriptionPort Error Disabled Following information can be viewed in the preceding windowPort ConnectionUser Accounts User Accounts windowUser Account Management Admin and User PrivilegesManagement Admin User Password Encryption Cable DiagnosticsPort Mirroring 12. Port Mirroring windowSystem Log Settings Following parameters can be setParameter Description Index1-4 Host IP Severity Facility Numerical Facility CodeUDP Port 514 or Status Sntp Settings Time SettingsParameterDescription Time Settings Current Time Time Source Time Settings Set Current Time Year Month DayTime in HH MM SS Time Zone and DSTClick Apply to implement your changes DST Repeating Settings DST Annual SettingsFollowing parameters may be viewed and modified MAC Notification SettingsGlobal Settings Test Tftp ServicesPing Test MIBs Snmp SettingsSnmp Manager Snmp Trap Settings Snmp User TableFollowing parameters are displayed ParameterDescription User NameFollowing parameters can set Group Name Snmp Version Auth-Protocol Priv-ProtocolSnmp View Table Snmp View TableParameterDescription View Name Subtree OIDView Type Snmp Group TableManager Snmp Group Table 28. Snmp Group Table Configuration Add window ParameterDescription Community Name View Name Access Right Snmp Community TableUse the Snmp Host Table to set up Snmp trap recipients Snmp Host Table31. Snmp Engine ID Configuration window Snmp Engine IDIP-MAC-Port Binding Impb IP-MAC-Port Binding ImpbIP-MAC Binding Table 32. IP-MAC Binding Ports window33. IP-MAC Binding Table menu IP-MAC Binding Blocked IP-MAC Binding BlockedLink Single IP Management Single IP Management SIM OverviewSIM Using the Web Interface Single IP Settings SIM SettingsParameterDescription Device Name Local Port TopologyHoldtime Speed Remote Port MAC Address Model Name Icon DescriptionTool Tips 39. Device Information Utilizing the Tool Tip40. Port Speed Utilizing the Tool Tip Commander Switch Icon Following options may appear for the user to configureRight Click Group IconMember Switch Icon 44. Property windowCandidate Switch Icon 46. Property windowMenu Bar This window holds the following informationClick Close to close the Property window Five menus on the menu bar are as followsDevice Firmware Upgrade Configuration File Backup/RestoreIP Setting Upload Log File Upload Log File55. Upload Log File window Forwarding & Filtering Unicast ForwardingUnicast Forwarding ParameterDescriptionMulticast MAC Address Port Settings Multicast ForwardingMulticast Filtering Mode 59. Configure Multicast Filtering ModeSmtp Service Smtp Server Settings Smtp Service ParameterDescription Subject ContentFollowing fields can be set DHCP/BOOTP RelayDHCP/BOOTP Relay Global Settings Click Apply to implement any changes that have been made Dhcp Relay Agent Information Option State Check PolicyDHCP/BOOTP Relay Interface Settings Implementation of Dhcp Information Option 82 on the SwitchRelay Interface Settings Circuit ID sub-option formatDhcp Relay Option 60 Default Settings Following parameters may be configured or viewedRelay Option 60 Default Settings ParameterDescription Relay IP Address ModeParameterDescription String Server IP Match Type Dhcp Relay Option 60 SettingsFollowing parameters may be configured Dhcp Relay Option 61 Default Settings Dhcp Relay Option 61 SettingsFollowing parameters may be set ParameterDescription Client IDRelay Rule L2 Features VLANsVlan Description Ieee 802.1Q VLANs802.1Q Vlan Tags Ieee 802.1Q Packet ForwardingTagging and Untagging Ingress FilteringDefault VLANs Switch PortsVlan Segmentation Vlan and Trunk GroupsStatic Vlan Entry 1Q Static VLANs windowVlan Name Port Settings Tag None Egress 1Q Static VLANs ModifyLink Aggregation Understanding Port Trunk GroupsPage Vlan Trunk Settings Parameter Description Vlan Trunk Status From…ToLink Aggregation Trunking Link AggregationLacp Port Settings Lacp Port SettingsClick Apply to implement changes made Igmp Snooping 12. Current Igmp Snooping Group EntriesFollowing parameters may be viewed or modified Vlan IDStatic Router Ports Settings Vlan Name Member PortsIgmp Access Control Settings Igmp Snooping Igmp Access Control SettingsClick Apply to implement the new settings ParameterDescription From…To StatusSpanning Tree 802.1w Rapid Spanning TreePort Transition States 802.1w Rstp 802.1D STP Forwarding LearningSTP Bridge Global Settings Edge PortP2P Port 802.1D and 802.1w Compatibility17. STP Bridge Global Settings Spanning Tree Protocol104 STP Port Settings STP can be set up on a port per port basisFrom/To PriorityMigration EdgeFollowing fields may be configured Loopback DetectionLoopback Detection ParameterDescription Loopdetect Status IntervalRecover Time From… To State Ieee 802.1p Priority CoSCoS An Example of the Default CoS Mapping on the Switch Advantages of CoSUnderstanding CoS Bandwidth Settings and Port Bandwidth Table window Port BandwidthParameterDescription From/To Type No Limit Rate 802.1p Default Priority 1p Default Priority and the 802.1p Default Priority window802.1p User Priority CoS Scheduling MechanismScheduling Mechanism has the following parameters ParameterDescription StrictWeight fair ParameterDescription WeightsCoS Output Scheduling Click Apply to let your changes take effectPriority Settings Priority SettingParameterDescription From/To MainSelect TOS Priority SettingsConfigure the following Priority Setting parameters Dscp Priority Settings Dscp Priority SettingPort Mapping Priority Settings 10. Port Mapping Priority CoSMAC Priority Settings 11. MAC Priority SettingCPU Interface Filtering State Settings CPU Interface FilteringCPU Interface Filtering Table Interface Filtering CPU Interface Filtering StateProfile ID Source MACDestination MAC 802.1pEthernet type Source IP Mask Destination IP MaskClick Apply to set this entry in the Switch’s memory ProtocolShown below is the Packet Content Mask configuration window Parameter Description Profile ID Type OffsetCPU Interface Filtering Table Ethernet Access ID Parameters DescriptionParameter Description Profile ID Mode Access ID Type 10. CPU Interface Filtering Rule Table IPVlan Name Source IP Destination IP DSCP0-63 Port 12. CPU Interface Filtering Rule Display IPParametersDescription Profile ID Mode Access ID Type Offset 15. CPU Interface Filtering Rule Display Packet Content Security Traffic ControlTraffic Control Settings window Click Apply to implement the settings of each field 136 Port Security Settings and Table window Port SecurityAdmin State Max. Addr0-10 Lock Address Mode Delete Port Lock EntriesLock Entries 802.1X Port-Based and MAC-Based Access Control 802.1XAuthentication Server AuthenticatorClient ClientAuthentication Process 802.1X Authentication ProcessPort-Based Network Access Control 10. Example of Typical Port-Based ConfigurationMAC-Based Network Access Control 11. Example of Typical MAC-Based Configuration802.1X Authenticator Settings 12 .1X Authenticator Settings windowThis screen allows you to set the following parameters SuppTimeout ServerTimeoutMaxReq ReAuthPeriodLocal Users 802.1X Capability Settings Settings to view the following windowClick Security 802.1X 802.1X Capability ParameterDescription From and To CapabilityLimitations Using the Guest Vlan Guest VLANsPort List Configure 802.1X Guest VlanOperation Initializing Ports for Port Based 18. Initialize Port windowReauthenticate Ports for Port Based Initializing Ports for MAC BasedReauthenticate Ports for MAC-based PortsParameter Description Port Auth StateRadius Server Trusted Host To view the Trusted Host table, click Security Trusted HostTraffic Segmentation 24. Current Traffic Segmentation Table25. Setup Forwarding Ports window Secure Shell SSHSSH Server Configuration Following algorithms may be set SSH Authentication Mode and Algorithm SettingsAlgorithm Settings Blow-fish CBC Cast128-CBC Twofish128 Twofish192 Twofish256Encryption Algorithm Data Integrity AlgorithmSSH User Authentication Mode 28. SSH User Authentication Mode windowParameter Description User Name Auth. ModeUser may set the following parameters Monitoring CPU UtilizationPort Utilization Port Utilization windowParameterDescription Time Interval Record Number Received RX PacketsReceived RX Following fields may be set or viewed Rx Packets Analysis TableUMB Cast RX Packets UMB CastRX171 Transmitted TX TransmittedTXTx Packets Analysis window table for Bytes and Packets Packet Errors Rx Error Analysis window line graph10. Rx Error Analysis window table 11. Tx Error Analysis window line graph 12. Tx Error Analysis window table Packet Size Packet SizeFollowing fields can be set or viewed Vlan Status 15. Vlan Status windowMAC Address MAC AddressFollowing fields can be viewed or set ParameterDescription Vlan Name MAC Address Port FindSwitch Log ParameterDescription Sequence Time Log TextLog Settings ParameterDescription Log Mode Time IntervalIgmp Snooping Group Multicast Group MAC Address Reports Port MapSession Table Browse Router PortBrowse ARP Table Port Access Control Radius AuthenticationRadius Authentication ParameterDescription Server187 Radius Accounting AccountingAuth Diagnostics BadAuthenticators UnknownTypes PacketsDroppedEntersConnecting EapLogOffsConnectingEntersAuthenticating SuccessAuthenticatingAuth Session Statistics ResponsesFromSupplicant AuthSuccesses AuthFailsAuth Statistics 27. Authenticator Statistics window Rx Invalid Rx Error Last Version Last Source Monitoring Port Access Control Auth State Auth State29. Authenticator State window MAC-Based Reset 30. Factory Reset to Default Value windowSave Changes Reboot SystemFollowing menu is used to restart the Switch 33. Reboot System window LogoutAppendix a Physical and EnvironmentalGeneral CSMA/CDPerformance Appendix B Appendix 1- 2. The standard RJ-45 pin assignmentsAppendix C System Log Entries205 206 207 208 Standard Media Type Maximum Distance Appendix DCable Lengths Glossary Page Limited Warranty Warranties and RegistrationWhat Is Not Covered Copyright Statement FCC WarningTrademarks Page Page Product Registration Tech Support Technical SupportTechnical Support Technische Unterstützung Assistance technique Asistencia Técnica Supporto tecnico Technical Support Pomoc techniczna Technická podpora Technikai Támogatás Teknisk Support Teknisk Support Teknistä tukea asiakkaille Suomessa Teknisk Support Suporte Técnico Τεχνική Υποστήριξη Tehnička podrška Tehnična podpora Suport tehnica Technical Support Technical Support Техническая поддержка Asistencia Técnica Suporte Técnico Link友訊科技台灣分公司技術支援資訊 Dukungan Teknis 技术支持 International Offices Germany Spain EgyptRegistration Card All Countries and Regions excluding USA247