Dell PC6224, PC6224F, PC6224P, PC6248, PC6248P Switching Features

Introduction 23

Switching Features

IPv6 Access Control Lists

An IPv6 ACL consists of a set of rules which are matched sequentially against a packet. When a packet

meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional

rules are not checked for a match.

Access Control List (ACL) Outbound Support

This feature enables binding an ACL (IP, MAC, or IPv6) in outbound direction on physical, LAG, and

VLAN interfaces.

IP Source Guard (IPSG)

IP source guard (IPSG) is a security feature that filters IP packets based on the source ID. The source ID

may either be source IP address or a source IP address source MAC address pair. IPSG is disabled by

default.

DHCP Snooping

DHCP Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP

server. It filters harmful DHCP messages and builds a bindings database of (MAC address, IP address,

VLAN ID, port) tuples that are specified as authorized. DHCP snooping can be enabled globally and on

specific VLANs. Ports within the VLAN can be configured to be trusted or untrusted. DHCP servers

must be reached through trusted ports.

DHCP L2 Relay

This feature permits L3 Relay agent functionality in L2 switched networks.

Dynamic ARP Inspection

Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The

feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for

other stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP

requests or responses mapping another station's IP address to its own MAC address.

Dynamic ARP Inspection relies on DHCP Snooping.

MLD Snooping

In IPv4, Layer 2 switches can use IGMP Snooping to limit the flooding of multicast traffic by

dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces

associated with IP multicast ad dress.

In IPv6, MLD snooping performs a similar function. With MLD snooping, IPv6 multicast data is

selectively forwarded to a list of ports intended to receive the data (instead of being flooded to all of the

ports in a VLAN). This list is constructed by snooping IPv6 multicast control packets.

Dell Switching Features