D-Link DGS-3700 Trusted Host , IP-MAC-Port Binding

DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual

147

Parameter Description

Rising Threshold Used to configure the acceptable level of CPU utilization before the Safeguard Engi ne

mechanism is enabled. Once the CPU utilization reaches this percentage level, the Switch

will move into the Exhausted state.

Falling Threshold Used to configure the acceptable level of CPU utilization as a perc entage, where the Switch

leaves the Exhausted state and returns to normal mode.

Trap/log Use the pull-down menu to enable or disable the sending of m essages to the de vice’s SNM P

agent and switch log once the Safeguard Engine has been activated by a high CPU ut ilization

rate.

Mode Toggle the State field to either Strict or Fuzzy for the Safeguar d Engine of the Switch.

Click Apply to implement the settings made.

Trusted Host

Use the Security IP Management to permit remote stations to manage the Switc h. If you choose to d efine one or more

designated management stations, only the chosen stations, as define d by IP address, will be a llowed management

privilege through the web manager or Telnet session. To define a management station IP setting, type in the IP

address with a proper subnet mask and click the Add button.

To view this window, click Security > Trusted Host a s shown below:

Figure 5 - 3 Trusted Host window

To delete an entry click the corresponding Delete button.

IP-MAC-Port Binding

The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC addr ess. Binding these

two address types together allows the transmission of data between the layers . The primary purpose of IP-MAC

binding is to restrict the access to a switch to a number of authorized users. Onl y the author ized c lient c an ac cess the

Switch’s port by checking the pair of IP-MAC addresses with the pre-configured database, or when DH CP snoop ing is

enabled, the switch will automatically learn the IP/MAC pairs b y snooping DHCP packets and saving them to the IMPB

white list. If an unauthorized user tries to access an IP-MAC bin ding e nable d port, the s ystem will bloc k t he acc ess b y

dropping its packet. For the DGS-3700 Series, active and inactive entries use the sam e database. The maximum

entry number is 511. The creation of authorized users can be manual ly configured by CLI or Web. The function is port-

based, meaning a user can enable or disable the function on the individual port.

The IP-MAC-Port Binding folder contains five windows: IMP Binding Global Settings, IMP B inding Port Settings, IM P

Binding Entry Settings, DHCP Snooping Entries, and MAC Block List.

This window is used to enable or disable the ACL mode, Trap L og St ate and DH CP Snoop state on t he s witc h. W hen

the user enables the ACL Mode for IP-MAC Binding it will create two Access Profile Entries on th e Switch. The

Trap/Log field will enable and disable the sending of trap log messages for IP-MAC binding. W hen enabled, the