Manuals / TP-Link / Computer Equipment / Switch

TP-Link TL-SG3216 manual ¾ ARP Detect, ¾ Trusted Port

Models: TL-SG3216

1 232

Download 232 pages 26.13 Kb

Page 157

and the connected Port number of the Host together when the Host connects to the switch. Based on the predefined IP-MAC Binding entries, the ARP Inspection functions to detect the ARP packets and filter the illegal ARP packet so as to prevent the network from ARP attacks.

The ARP Inspection function is implemented on the ARP Detect, ARP Defend and ARP Statistics pages.

11.2.1 ARP Detect

ARP Detect feature enables the switch to detect the ARP packets based on the bound entries in the IP-MAC Binding Table and filter the illegal ARP packets, so as to prevent the network from ARP attacks, such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc.

Choose the menu Network Security→ARP Inspection→ARP Detect to load the following page.

Figure 11-13 ARP Detect

The following entries are displayed on this screen:

¾ARP Detect

ARP Detect:Enable/Disable the ARP Detect function, and click the Apply

button to apply.

¾Trusted Port

Trusted Port:Select the port for which the ARP Detect function is unnecessary

as the Trusted Port. The specific ports, such as up-linked port, routing port and LAG port, should be set as Trusted Port. To ensure the normal communication of the switch, please configure the ARP Trusted Port before enabling the ARP Detect function.

Note:

ARP Detect and ARP Defend cannot be enabled at the same time.

150

Image 157

TP-Link TL-SG3216 manual ¾ ARP Detect, ¾ Trusted Port

Contents

TL-SG3216/TL-SG3424 JetStream L2 Lite Managed Switch Copyright & Trademarks Contents Gvrp 100 VII NDP Package Contents Intended Readers About this GuideConventions Overview of This GuideSystem Switching Vlan Spanning Tree Multicast QoS ACL Network Security Snmp Cluster Return to Contents Main Features Overview of the SwitchIntroduction Front Panel Appearance Description¾ LEDs Name Status Indication Rear Panel Login Login to the SwitchConfiguration Return to Contents System Info SystemSystem Summary ¾ Port StatusType PortRate StatusSystem Time Device Description¾ Device Description Get GMT Current SystemSynchronize With PC’S ClockSystem IP ¾ IP ConfigUser Manage User ConfigUser Table ¾ User Info User ID, Name, Access Level and status OperationUser Status ¾ User TableConfig Backup Config Restore¾ Config Restore System Tools¾ Config Backup Firmware UpgradeSystem Reboot Access SecuritySystem Reset Access Control¾ Session Config ¾ Access Control ConfigIP Address&Mask MAC Address¾ Access User Number SSL Config¾ Global Config SSH Config¾ Certificate Download ¾ Key DownloadProtocol Idle TimeoutMax Connect Key Type ¾ Configuration ProcedureDownload ¾ Network RequirementsApplication Example 2 for SSH Page Return to Contents Port Config SwitchingPort Port SelectDescription Port MirrorSpeed and Duplex Flow ControlGroup Mirror ModeMirroring Mode¾ Port Security Port SecurityMax Learned MAC LAGLearned Num Aggregate Arithmetic LAG Table¾ LAG Table Group NumberDetail Information Static LAG¾ LAG Config Lacp ConfigLAG will delete this LAG Admin Key ¾ Lacp ConfigSystem Priority Port PriorityTraffic Summary Traffic Monitor¾ Auto Refresh Traffic Statistics MAC Address Bound MAC address Address TableWay Port¾ Address Table ¾ Search OptionStatic Address MAC Address Displays the MAC address learned by the switchDisplays the corresponding Vlan ID of the MAC address ¾ Create Static Address¾ Static Address Table Dynamic Address¾ Dynamic Address Table ¾ Aging ConfigBind Filtering Address¾ Filtering Address Table ¾ Create Filtering AddressVlan ¾ Link Types of ports 802.1Q Vlan¾ Pvid ¾ Vlan Table Vlan ConfigVlan ID Select Description ：Enter the ID number of Vlan ¾ Vlan ConfigIs valid or not ¾ Vlan MembersPort Displays the port number ¾ Vlan Port ConfigRequired. On the VLAN→802.1Q VLAN→VLAN Config Required. On the VLAN→802.1Q VLAN→Port Config page, set¾ Vlan of Port Vlan DescriptionMAC Vlan VLAN→VLAN Config¾ MAC Vlan Table Protocol VlanMAC Select Step Operation Description¾ Encapsulation Format of Ethernet Data ¾ The Procedure for the Switch to Identify Packet ProtocolEncapsulation ¾ The Implementation of Protocol Vlan802.3 raw 802.2 LLC Snap Protocol Vlan packets are processed in the following wayProtocol Group Protocol Group Table¾ Protocol Group Table Protocol Template ¾ Protocol Group Config¾ Protocol Group Member Application Example for 802.1Q Vlan Required. On VLAN→802.1Q VLAN→Port Config page, configure ¾ Network Diagram ¾ Configuration ProcedureRequired. On VLAN→802.1Q VLAN→VLAN Config page, create a Application Example for MAC Vlan Application Example for Protocol Vlan ¾ Network DiagramRequired. On VLAN→Protocol VLAN→Protocol Template On VLAN→Protocol VLAN→Protocol Group page, create protocol Gvrp¾ Gvrp Select Port Status Registration Mode ¾ Port ConfigConfiguration Procedure ¾ STP Elements Spanning Tree¾ Bpdu Comparing Principle in STP mode ¾ STP Timers¾ STP Generation Tips ： Step Operation¾ Mstp Elements ¾ Rstp Elements¾ Port Roles ¾ Port StatesSTP Config STP ConfigVersion Forward DelayHello Time Max AgeSTP Summary Port ConfigExtPath PriorityIntPath Edge PortMstp Instance Region ConfigPort Status ¾ Region Config Instance Config¾ Instance Table Instance Port ConfigInstance ClearPath Cost Instance IDPort Role Port Protect STP Security¾ Bpdu Protect ¾ TC Protect¾ Bpdu Filter Root Protect Loop ProtectTC Protect Bpdu ProtectTC Protect Application Example for STP FunctionOn Spanning Tree→STP Config→Port Config On Spanning Tree→STP Config→STP ConfigOn Spanning Tree→MSTP Instance→Instance Configure Switch D ¾ Suggestion for Configuration ¾ Multicast Overview Multicast¾ Multicast Address Multicast IP Port ¾ Multicast Address Table¾ Igmp Snooping Igmp Snooping¾ Igmp Snooping Process ¾ Igmp Messages¾ Igmp Snooping Fundamentals Snooping ConfigDescription Displays Igmp Snooping status Member ¾ Igmp Snooping StatusFast Leave Igmp SnoopingMember Port Time Router Port TimeLeave Time Static Router PortMulticast→IGMP Snooping→VLAN Config Snooping→Snooping Config and Port ConfigMulticast Vlan Displays the Vlan ID¾ Multicast Vlan Vlan On the Multicast→IGMP Snooping→Snooping ConfigMulticast→IGMP Snooping→Multicast Vlan Snooping→Port Config ¾ Configuration Procedure Step Operation DescriptionSnooping→Snooping Config Multicast IPStatic Multicast IP Multicast IP Table¾ Create Static Multicast Multicast Filter¾ Static Multicast IP Table IP Range ID IP-RangeStart Multicast IP End Multicast IPAction Mode ¾ Port Filter ConfigPort Filter FilterPorts taking up too much bandwidth Packet StatisticsDisplays the LAG number which the port belongs to Multicast→Multicast Filter→IP-Range¾ Igmp Statistics QoS ¾ Priority Mode¾ QoS 802.1Q frame ¾ Schedule ModeSP-Mode DiffServ ¾ Port Priority ConfigPort Priority Required. On QoS→DiffServ→Schedule Mode Schedule Mode¾ Schedule Mode Config Required. On QoS→DiffServ→Port PriorityDscp Priority 3 802.1P Priority¾ Priority Level Required. On QoS→DiffServ→DSCP Priority ¾ Dscp Priority ConfigBandwidth Control ¾ Rate Limit ConfigRate Limit Storm Control ¾ Storm Control ConfigBroadcast Rate Voice VlanBps Mulitcast RateTAG ¾ Security Mode of Voice VlanSecurity Packet Type Processing Mode Global ConfigEnter the Vlan ID of the voice Vlan Select the desired port for voice Vlan configuration. It is OUI Config Displays the OUI address of the voice device Configuration Procedure of Voice VlanTime-Range ACLTime-Range Summary IndexTime-Range Create Holiday Config ACL Config¾ Create Holiday ¾ Holiday TableACL Create ACL Summary¾ Rule Table ¾ Create ACL¾ Create MAC ACL MAC ACLRule ID EtherTypeExtend-IP ACL Standard-IP ACL¾ Create Standard-IP ACL Time-RangeIP Protocol ¾ Create Extend-IP ACLTCP Flag ： Policy Summary Policy ConfigAction Create Policy Create¾ Create Policy ¾ Create ActionBinding Table Policy BindingVlan Binding Port BindingDirection Displays the binding direction Application Example for ACL ¾ VLAN-Bind ConfigEnter the ID of the Vlan you want to bind ¾ VLAN-Bind TableOn ACL→ACL Config→ACL Create page, create ACL On ACL→ACL Config→Standard-IP ACL page, select ACL IP-MAC Binding Network SecurityManual Binding Enter the Vlan ID ¾ Manual Binding OptionProtect Type Select the Protect Type for the entry ¾ Manual Binding TableARP Scanning Start IP Address Dhcp SnoopingEnd IP Address Scan¾ Dhcp Working Principle Network diagram for DHCP-snooping implementation¾ Option ¾ Dhcp Cheating Attack Dhcp Cheating Attack Implementation Procedure¾ Dhcp Snooping Config ¾ Port Config Port Select ¾ Option 82 ConfigCustomization Circuit ID Remote ID ¾ Imitating Gateway ARP Inspection¾ Cheating Gateway ¾ Cheating Terminal Hosts 10 ARP Attack Cheating Gateway¾ Man-In-The-Middle Attack ¾ ARP Flooding Attack ¾ ARP Detect ARP Detect¾ Trusted Port Required. On the Network Security→IP-MAC ARP DefendNetwork Security→ARP ¾ ARP Defend ARP StatisticsDefend Speed¾ Illegal ARP Packet DoS DefendDoS Attack Type Description ¾ Architecture of 802.1X Authentication ¾ Configure11.4 ¾ Defend Table¾ The Mechanism of an 802.1X Authentication System ¾ 802.1X Authentication Procedure ¾ 802.1X Timer ¾ Guest Vlan 802.1X Authentication MethodGuest Vlan Guest Vlan IDServer Timeout Supplicant TimeoutRetry Times Radius Server Control ModeControl Type AuthorizedRequired. On the Network Security→802.1X→Radius On the Network Security→802.1X→Global ConfigRequired. On the Network Security→802.1X→Port ¾ Snmp Overview Snmp¾ Snmp Management Frame ¾ Snmp Versions¾ MIB Introduction ¾ Snmp Configuration Outline¾ Local Engine Snmp Config¾ Remote Engine MIB Object ID Snmp ViewView Type View NameSnmp Group ¾ Group Config¾ Group Table Snmp UserAuth Password Auth ModePrivacy Mode Privacy PasswordAccess ¾ Community ConfigSnmp Community Required. On the SNMP→SNMP Config→SNMP Required. On the SNMP→SNMP Config→GlobalMIB View ¾ Community TableNotification On the SNMP→SNMP Config→SNMPUDP Port TimeoutUser Retry¾ Rmon Group RmonRmon Group Function History Control Event Config¾ History Control Table ¾ Event Table Alarm ConfigSample Type VariableRising Threshold Rising Event179 ¾ Cluster Role ClusterNeighbor Info 13.1 NDP¾ Introduction to Cluster ¾ Neighbor NDP Summary¾ Neighbor Info NDP ¾ Port Status Displays the port number of the switchEnable NDP ConfigDisable ¾ Global CofigDevice Table NtdpDevice MAC Cluster NameHops Ntdp SummaryNeighbor Info Collect TopologyPort Displays the port number of the switch Ntdp ConfigNtdp Port Delay Ntdp Hop DelayNtdp Interval Time Ntdp HopsCluster Summary Cluster¾ Global Cluster¾ Global Config Cluster Cluster Config¾ Role Change ¾ Current RoleApplication Example for Cluster Function On Cluster→NTDP→NTDP Config page, enable On Cluster→NDP→NDP Config page, enable NDP194 System Monitor MaintenanceCPU Monitor Memory Monitor 14.2 Log Local Log Log TableRemote Log ¾ Local Log ConfigLog Buffer Log File¾ Log Host Backup LogHost IP Device Diagnose ErrorCable Test PairNetwork Diagnose Switch is availableLoopback PingTracert ¾ Ping Config10 Tracert Following entries are displayed on this screen ¾ Tracert ConfigAppendix a Specifications Appendix B Configuring the PCs 207 Now Hardware Installation Appendix C Load Software using FTPConfigure the Hyper Terminal 210 Figure C-5 Port Settings Download Firmware via bootUtil menuAre you want to upgrade the firmwareY/N y TP-LINK upgrade You can only use the port 1 to upgradeUser TP-LINK start StartAppendix D 802.1X Client Software Installation Guide215 216 Figure D-7 InstallShield Wizard Complete Uninstall SoftwareFigure D-11 Uninstall Complete Configuration219 Figure D-16 Connection Status FAQ221 Appendix E Glossary Group Attribute Registration Protocol Garp Multicast SwitchingIeee 802.1D Ieee 802.1QRemote Authentication Dial-in User Service Radius Port AuthenticationLink Aggregation Link Aggregation Control Protocol LacpSimple Network Time Protocol Sntp Simple Network Management Protocol SnmpSpanning Tree Algorithm STA Telnet