Arp Fcs | D-Link DGS-3700 manual

DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual

Appendix A

Mitigating ARP Spoofing Attacks Using Packet Content ACL

Address Resolution Protocol (ARP) is the standard method for finding a host's hardware address (MAC address) when only its IP address is known. This protocol is vulnerable because it can spoof the IP and MAC information in the ARP packets to attack a LAN (known as ARP spoofing). This document is intended to introduce ARP protocol, ARP spoofing attacks, and the counter measure brought by D-Link's switches to counter the ARP spoofing attack.

•How Address Resolution Protocol works

In the process of ARP, PC A will, firstly, issue an ARP request to query PC B’s MAC address. The network structure is shown in Figure-1.

Figure-1

In the mean time, PC A’s MAC address will be written into the “Sender H/W Address” and its IP address will be written into the “Sender Protocol Address” in ARP payload. As PC B’s MAC address is unknown, the “Target H/W Address” will be “00-00-00-00-00-00” while PC B’s IP address will be written into the “Target Protocol Address”, shown in Table- 1.

H/W	Protocol	H/W	Protocol	Operation	Sender	Sender	Target	Target
type	type	address	address		H/W address	protocol	H/W address	protocol
		length	length		H/W address	address	H/W address	address
		length	length			address		address

				ARP	00-20-5C-01-11-11	10.10.10.1	00-00-00-00-00-00	10.10.10.2
				request	00-20-5C-01-11-11	10.10.10.1	00-00-00-00-00-00	10.10.10.2
				request

Table -1 (ARP Payload)

The ARP request will be encapsulated into Ethernet frame and sent out. As can be seen in Table-2, the “Source Address” in the Ethernet frame will be PC A’s MAC address. Since an ARP request is sent via a broadcast, the “Destination address” is in the format of an Ethernet broadcast (FF-FF-FF-FF-FF-FF).

Destination

Source address

Ether-type

ARP

FCS

259

Image 270

D-Link DGS-3700 user manual Arp Fcs

Contents

Copyright 2009. All rights reserved Page Table of Contents DDM L2 Features QoS Security ACL Save Services and Tools 258 Preface Intended Readers Typographical Conventions Login to Web Manager Introduction Web-based User Interface Areas of the User Interface Web Pages AreaArea Function Page Configuration Device Information System Information Parameter Description Baud Rate Serial Port SettingsFields that can be configured are described below Auto Logout IP Address Settings window IP Address Bootp Dhcp Interface Settings Setting the Swith’s IP Address using the Console Interface Address Parameter Description Interface NameIPv6 Network IPv6 State IPv6 Route Settings IPv6 Neighbor SettingsAutomatic Link Local Address Neighbor IPv6 Port ConfigurationPort Settings Address Link Layer MAC Port Description Static ARP Settings Port Error Disabled User Accounts Password Admin, Operator and User PrivilegesNew Password Management Admin Operator User Admin, Operator and User Privileges User Account Management System Log Configuration System Log SettingsSystem Log Server UDP Port Parameter Description Server IDServer IP Address 514 or Severity System Severity Settings Parameter Description System SeveritySeverity Level Dhcp Relay Global Settings Dhcp Relay Check Dhcp Relay AgentInformation Option Policy Implementation of Dhcp Information Option 82 on the Switch Circuit ID sub-option formatRemote ID sub-option format Parameter Description Relay IP Address Dhcp Relay Interface SettingsDhcp Relay Option 60 Default Settings Mode Dhcp Relay Option 60 Settings Dhcp Relay Option 61 Default Settings Parameter Description Client ID Out of Band Management SettingsDhcp Relay Option 61 Settings Relay Rule Parameter Description IP Address External Alarm SettingsDhcp Auto Configuration Settings Link Status Web Settings Telnet SettingsMAC Address Aging Time Firmware Information Password EncryptionClipaging Settings Parameter Description Version Dual Configuration SettingsUpdate Time Size Bytes Ping Test IPv6 Ping Test Local Loopback Ports SettingsTimeout Size Vlan Counter Settings Sntp Settings Time Settings TimeZone Settings Hhmm MAC Notification Settings MAC Notification Global Settings MAC Notification Port Settings ParameterDescription Snmp Settings TrapsMIBs Parameter Description View Name Snmp Global State SettingsSnmp View Table Subtree OID Snmp Group Table Snmp User Table Snmp Community Table Parameter Description Community Name Snmp Host Table Snmp v6Host Table String/SNMPv3 User Snmp Engine IDCommunity Name Parameter Description Range Name Time Range SettingsSnmp Trap Configuration Hours SFlow SFlow Global State SettingsSFlow Analyzer Server Settings ParameterDescription Analyzer Server ID SFlow Flow Sampler Settings SFlow Counter Poller Settings Following parameters can be configured Single IP Management Single IP Settings Upgrade to Topology Speed Parameter Description Device NameRemote Port Local Port 62 Topology view Icon Description Tool Tips 63 Device Information Utilizing the Tool Tip Right-Click Group Icon Commander Switch Icon Member Switch IconCandidate Switch Icon Menu Bar Firmware Upgrade Configuration File Backup/Restore DDM Settings Upload Log FileBrowse DDM Status List DDM Temperature Threshold Settings DDM Voltage Threshold Settings DDM Bias Current Threshold Settings DDM Tx Power Threshold Settings DDM Rx Power Threshold Settings Parameter Description From Port / To Port Jumbo Frame Jumbo Frame window VLANs Understanding Ieee 802.1p PriorityVlan Description Ieee 802.1Q VLANs Ieee 802.1Q Packet Forwarding 802.1Q Vlan Tags Ieee 802.1Q Tag Port Vlan ID Tagging and UntaggingIngress Filtering Vlan Segmentation Default VLANsPort-based VLANs VID Destination Source Double VLANsVlan and Trunk Groups Spvlan Tpid + Regulations for Double VLANs Double Vlan Example 802.1Q Vlan Current 802.1Q Static VLANs Entries window 802.1Q Vlan window Add/Edit Vlan Tab Tagged Port SettingsAdvertisement Untagged 10 802.1Q Vlan window Vlan Batch Settings window Subnet Vlan Subnet Vlan SettingsVlan Precedence Settings Vlan ID In-Q Settings In-QVlan Precedence Vlan Translation Settings In-Q and Vlan Translation Rules For ingress untagged packets at UNI portsFor ingress tagged packets at UNI ports 802.1v Protocol Group Settings 802.1v Protocol Vlan Check the Select All Ports box 802.1v Protocol Vlan Settings802.1p Priority Search Port List Rspan Settings Gvrp Settings Gvrp Global Settings GvrpPvid Leave All Time MAC-based Vlan SettingsPvid Auto Assign Settings NNI Bpdu Port Trunking Understanding Port Trunk Groups Active Port Parameter Description AlgorithmMaster Port Member Ports Lacp Port Settings Activity Traffic Segmentation Forward Portlist Bpdu Tunneling Settings 27 Bpdu Tunneling window Rate Limit Igmp Snooping SettingsIgmp Snooping Querier IP Robustness Value Time Query IntervalMax Response 255 Igmp Snooping Rate Limit Settings Igmp Snooping Static Group Settings Igmp Multicast Group Profile Settings Igmp Snooping Multicast Vlan SettingsFollowing fields can be set IPv4 Multicast Profile Settings IPv4 Limited Multicast Range Settings IPv4 Max Multicast Group Settings MLD Snooping Settings MLD SnoopingMLD Control Messages Max Response Time Query Expiry TimeQuery Interval 1-65535 sec 25 sec MLD Snooping Rate Limit Settings 43 MLD Snooping Router IP Settings Modify window MLD Snooping Static Group Settings MLD Multicast Group Profile SettingsIPv6 Address MLD Snooping Multicast Vlan Settings 1,6 Source Port1,6 IPv6 Multicast Profile Settings Tagged Member Port e.g.1-4,6 IPv6 Limited Multicast Range Settings IPv6 Max Multicast Group Settings Port Mirror 55 Port Mirror window Parameter Description LBD State Loopback Detection SettingsRecover Time Trap Status Port Transition States Spanning Tree802.1w Rapid Spanning Tree Edge Port P2P Port 802.1D and 802.1w Compatibility STP Bridge Global Settings Max Hops NNI Bpdu Address STP Port Settings External Cost 0=Auto MST Configuration Identification P2P Revision Level STP Instance SettingsParameter Description Configuration Name Msti ID Internal Path cost Mstp Port InformationInstance ID 200000000 Forwarding & Filtering Unicast ForwardingMulticast Forwarding Multicast Filtering Mode Multicast MAC Lldp Global Settings Parameter Description From Port /To Port Lldp Port SettingsAdmin Status Notification Lldp Basic TLVs Settings Lldp Management Address ListParameter Description Address Lldp Dot1 TLVs Settings Vlan Lldp Dot3 TLVs Settings Lldp Statistics SystemMAC/PHY Lldp Local Port Information 72 Lldp Statistics System window CFM Port Settings Lldp Remote Port Information CFM CCM PDUs Forwarding Mode CFM MPs Reply LTRsCFM Mipccm List Connectivity Fault Management SettingsMD Connectivity Fault Management SettingsConnectivity Fault Management CreateMD Parameter Description CFM State MEP CFM Loopback SettingsMIP LBM CFM Linktrace Settings Remote Loopback Ethernet OAM SettingsEthernet OAM Received Remote Ethernet OAM Configuration Settings QoS Advantages of QoS Mapping QoS on the Switch Understanding QoSPage HOL Blocking Pevention Bandwidth ControlNo Limit Traffic Control Traffic Control window Count Down Traffic Trap Setting Traffice TrapSettings Time Interval 802.1p Default Priority 802.1p Default Priority window 802.1p User Priority QoS Scheduling Mechanism QoS Scheduling SchedulingMechanism Band Manage Settings Class ID Sred Settings Band Manage Settings Click Apply to implement changes 141 Dscp Trust Settings Dscp Map SettingsSred Drop Counter Dscp Map Dscp List0-63 802.1p Map Settings Priority List0-7Color Safeguard Engine Security Safeguard Engine window IMP Binding Global Settings Trusted HostIP-MAC-Port Binding IMP Binding Port Settings Parameter ACL Mode Trap / Log Dhcp Snoop State Packet Allow Zero IPForward Dhcp Max Entry IMP Binding Entry Settings Ports Dhcp Snooping Entries Port Security Port SettingsPort Security MAC Block List Lock Address Port Security Vlan SettingsAdmin State Max. Learning Vlan ID e.g.1,4-6 Dhcp Server Screening SettingsPort Security Entries Max Learning Dhcp Screening Port Settings Dhcp Offer FilteringParameterDescription Server IP Address 802.1X 802.1X Port-Based and Host-Based Access ControlAuthentication Server Client’s MAC Address Authenticator 16 The Authentication Server Authentication Process Client Port-Based Network Access Control 20 Example of Typical Port-Based Configuration Host-Based Network Access Control 21 Example of Typical Host-Based Configuration 802.1X Global Settings 802.1X Port SettingsPDU ReAuthentication SuppTimeoutServerTimeout QuietPeriod Authentication Radius Server 802.1X User Reauthenticate Ports Initialize PortsConfirm Key Guest Vlan Configuration Limitations Using the Guest Vlan SSL Settings Guest Vlan Download Certificate Ciphersuite CBC SHA EDE CBC SHA SSH Settings SSH Authmode and Algorithm Settings HMAC-MD5 SSH User Authentication ListsHMAC-SHA1 HMAC-RSA Access Authentication Control Host NamePage Authentication Policy Settings Application Authentication Settings Authentication Server Group 37 Authentication Server Group Settings window Authentication Server 38 Authentication Server Group Settings Edit window Login Method Lists Enable Method Lists ParameterDescription Method List NamePriority 1, 2, 3 Local Enable Password Settings 41 Enable Method List window Radius Accounting Settings 42 Local Enable Password window MAC-based Access Control MAC-based Access Control Settings Guest Vlan Name Parameter Description Settings MBA Global StateMethod Guest Vlan ID MAC-based Access Control Local Settings Hold Time Web Authentication Web-based Access Control Settings Conditions and LimitationsParameterDescription State 1440 Authentication Web-based Access Control User SettingsLogout Timer Redirection NetBIOS Filtering NetBIOS Filtering SettingsConfirmation ACL Configuration Wizard Access IDParameterDescription Type Access Profile List OptionApply To Add Access Profile Ethernet Destination MAC Parameter Description Ethernet ACLSource MAC Mask Mask Select ACL Type Access Profile List Ethernet Ethernet Type Replace Priority Parameter Description Access IDVlan Mask Replace Dscp Rx Rate PrecedenceTime Range Counter Destination IP Mask DscpSource IP Mask Icmp Type 11 Access Profile List IPv4 12 Access Profile Details IPv4 Icmp Time Range Name IPv6 TCP Parameter Description IPv6 ClassIPv6 Flow Label IPv6 UDP 17 Access Profile List IPv6 Class Flow Label 20 Access Rule List IPv6 22 Add Packet Content ACL Profile Parameter Description Chunk 23 Access Profile List Packet Content 25 Access Profile Packet Content 26 Access Rule List Packet Content CPU Interface Filtering CPU Access Profile List 28 CPU Access Profile List window Source MAC Mask Destination MACMask 802.1Q Vlan Parameter Description Select Profile ID IPv4 Dscp 209 33 Add CPU ACL Profile window for IPv6 Parameter Description Select Profile Select ACLOffset 37 CPU Access Rule List window for Ethernet 39 CPU Access Rule Detail Information window for Ethernet 40 CPU Access Rule List window for IP 42 CPU Access Rule Detail Information window for IP 45 CPU Access Rule Detail Information window for IPv6 ACL Finder ACL Flow Meter 50 ACL Flow Meter window Mode Cable Diagnostic Device Status Record Number CPU UtilizationParameter Description Time Interval Show/Hide Port Utilization Packet Size Packet Size window Memory Utilization PacketsReceived RX Received RX window for Bytes and Packets UMBcast RX Transmitted TX 12 Transmitted TX window for Bytes and Packets Bytes Errors 14 Received RX window for errors UnderSize CRCErrorSymbol OverSize 16 Transmitted TX window for errors ExDefer Port Access Control Radius Authentication Radius Account Client Retransmissions ServerAddressRequests Responses Auth PAE State Authenticator StateParameter Description MAC Address Backend State Authenticator Statistics 22 Authenticator Statistics window for MAC-based Authenticator Session Statistics Authenticator Diagnostics Connect LogOff Auth TimeoutConnect Enter Auth Enter Browse ARP Table Browse Vlan 27 Browse ARP Table window Show Vlan Ports Browse Igmp Router PortIgmp Snooping Group Igmp Snooping Forwarding Table Browse Igmp Snooping Counter Browse MLD Router Port MLD Snooping Group MLD Snooping Forwarding Table 35 MLD Snooping Group window Browse Session Table Browse MLD Snooping CounterCFM Packet Counter List Browse CFM Fault MEP CFM Packet Counter CCM ListBrowse CFM Port MP List MAC Address Table Browse Vlan Counter StatisticsFunctions used in the MAC address table are described below Browse Ethernet OAM Event Log Browse Ethernet OAM Statistics 46 Browse Ethernet OAM Statistics window Browse Historical Counter Packet/ErrorHistorical Counter & Utilization Minutes/1 Day System Log Browse Historical Utilization Parameter Description Log Type Date-TimeLog Text Save Configuration ID Save Configuration ID 1 window Save Log Save All Configuration File Backup & Restore ResetUpload Log File Reboot System Download Firmware ARP ARP FCS Ethernet frame format Forwarding Table Destination address Source address Ether-type Port2 00-20-5C-01-22-22 How ARP spoofing attacks a network Ethernet Gratuitous ARP Prevent ARP spoofing via packet content ACL Example topology Ethernet Offset Chunk 266 System Log Entries Category Event Description Log Information Severity SSL AAA Page Page Page IP-MAC DOS DDM DGS-3700 Series Trap List Proprietary Trap ListTrap Name/OID Variable Bind Format MIB Name Severity Equipment Glossary Page Password Recovery Procedure Command Parameters Command Parameters