21

DHCP Filtering

This section describes the Dynamic Host Configuration Protocol (DHCP) Filtering feature.

Overview

DHCP filtering provides security by filtering untrusted DHCP messages. An untrusted message is a message that is received from outside the network or firewall, and that can cause traffic attacks within network.

You can use DHCP Filtering as a security measure against unauthorized DHCP servers. A known attack can occur when an unauthorized DHCP server responds to a client that is requesting an IP address. The unauthorized server can configure the gateway for the client to be equal to the IP address of the server. At that point, the client sends all of its IP traffic destined to other networks to the unauthorized machine, giving the attacker the possibility of filtering traffic for passwords or employing a ‘man-in-the-middle’ attack.

DHCP filtering works by allowing the administrator to configure each port as a trusted or untrusted port. The port that has the authorized DHCP server should be configured as a trusted port. Any DHCP responses received on a trusted port will be forwarded. All other ports should be configured as untrusted. Any DHCP (or BootP) responses received on the ingress side will be discarded.

Limitations

Port Channels (LAGs) — If an interface becomes a member of a LAG, DHCP filtering is no longer operationally enabled on the interface. Instead, the interface follows the config- uration of the LAG port. End user configuration for the interface remains unchanged.

When an interface is no longer a member of a LAG, the current end user configuration for that interface automatically becomes effective.

Mirroring — If an interface becomes a probe port, DHCP filtering can no longer become operationally enabled on the interface. End user configuration for the interface remains unchanged. When an interface no longer acts as a probe port, the current end user configu- ration for that interface automatically becomes effective.

Overview 145

Page 145
Image 145
D-Link DWS-3000 manual Dhcp Filtering, Limitations

DWS-3000 specifications

The D-Link DWS-3000 is an advanced cloud-ready wireless switch designed to meet the increasing demands of modern networks. As organizations transition to more mobile and connected environments, the need for robust and scalable networking solutions becomes paramount. The DWS-3000 addresses this need with its range of features, technologies, and specifications tailored for seamless network management.

One of the standout features of the DWS-3000 is its support for centralized management, allowing IT administrators to oversee multiple access points from a single interface. This simplifies the process of provisioning, monitoring, and troubleshooting network devices, ensuring optimal performance and minimizing downtime. The switch's intuitive web interface and support for D-View, D-Link's network management software, enable effective control over network operations.

The DWS-3000 is equipped with advanced security protocols to safeguard sensitive data within the network. It supports WPA3 encryption, which enhances security compared to its predecessor, WPA2. Additionally, features like MAC address filtering, 802.1X authentication, and rogue AP detection provide comprehensive protection against unauthorized access.

In terms of performance, the DWS-3000 leverages high-capacity hardware to support PoE (Power over Ethernet) technology, enabling power delivery to compatible devices without the need for additional cabling. This feature is particularly beneficial for deployment scenarios where cabling infrastructure is limited.

Moreover, the DWS-3000 is built with scalability in mind. It can support a vast number of access points, making it suitable for deployments ranging from small businesses to large enterprises. This scalability, combined with features like load balancing and Band Steering, ensures efficient use of available bandwidth, enhancing user experience.

The switch also offers seamless integration with D-Link’s suite of access points, allowing for simplified deployments in various environments, whether indoor or outdoor. The capabilities of the DWS-3000 extend into a comprehensive analytics engine, which provides insights into network performance and user behavior, aiding in informed decision-making.

With its blend of advanced features, robust security measures, and scalability, the D-Link DWS-3000 is positioned as a powerful solution for organizations looking to elevate their network infrastructure. It empowers businesses to provide reliable, high-performance wireless connectivity while maintaining security and ease of management in today’s dynamic environment.