¾ ARP Detect, ¾ Trusted Port | TP-Link TL-SG3216 specification

and the connected Port number of the Host together when the Host connects to the switch. Based on the predefined IP-MAC Binding entries, the ARP Inspection functions to detect the ARP packets and filter the illegal ARP packet so as to prevent the network from ARP attacks.

The ARP Inspection function is implemented on the ARP Detect, ARP Defend and ARP Statistics pages.

11.2.1 ARP Detect

ARP Detect feature enables the switch to detect the ARP packets based on the bound entries in the IP-MAC Binding Table and filter the illegal ARP packets, so as to prevent the network from ARP attacks, such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc.

Choose the menu Network Security→ARP Inspection→ARP Detect to load the following page.

Figure 11-13 ARP Detect

The following entries are displayed on this screen:

¾ARP Detect

ARP Detect:Enable/Disable the ARP Detect function, and click the Apply

button to apply.

¾Trusted Port

Trusted Port:Select the port for which the ARP Detect function is unnecessary

as the Trusted Port. The specific ports, such as up-linked port, routing port and LAG port, should be set as Trusted Port. To ensure the normal communication of the switch, please configure the ARP Trusted Port before enabling the ARP Detect function.

Note:

ARP Detect and ARP Defend cannot be enabled at the same time.

150

Image 157

TP-Link TL-SG3216 manual ¾ ARP Detect, ¾ Trusted Port

Contents

TL-SG3216/TL-SG3424 JetStream L2 Lite Managed Switch Copyright & Trademarks Contents Gvrp 100 VII NDP Package Contents Intended Readers About this GuideConventions Overview of This Guide System Switching Vlan Spanning Tree Multicast QoS ACL Network Security Snmp Cluster Return to Contents Main Features Overview of the SwitchIntroduction Front Panel Appearance Description¾ LEDs Name Status Indication Rear Panel Login Login to the SwitchConfiguration Return to Contents System Info SystemSystem Summary ¾ Port Status Type PortRate Status System Time Device Description¾ Device Description Get GMT Current SystemSynchronize With PC’S Clock System IP ¾ IP Config User Manage User ConfigUser Table ¾ User Info User ID, Name, Access Level and status OperationUser Status ¾ User Table Config Backup Config Restore¾ Config Restore System Tools ¾ Config Backup Firmware Upgrade System Reboot Access SecuritySystem Reset Access Control ¾ Session Config ¾ Access Control ConfigIP Address&Mask MAC Address ¾ Access User Number SSL Config ¾ Global Config SSH Config¾ Certificate Download ¾ Key Download Protocol Idle TimeoutMax Connect Key Type ¾ Configuration ProcedureDownload ¾ Network Requirements Application Example 2 for SSH Page Return to Contents Port Config SwitchingPort Port Select Description Port MirrorSpeed and Duplex Flow Control Group Mirror ModeMirroring Mode ¾ Port Security Port Security Max Learned MAC LAGLearned Num Aggregate Arithmetic LAG Table¾ LAG Table Group Number Detail Information Static LAG ¾ LAG Config Lacp ConfigLAG will delete this LAG Admin Key ¾ Lacp ConfigSystem Priority Port Priority Traffic Summary Traffic Monitor¾ Auto Refresh Traffic Statistics MAC Address Bound MAC address Address TableWay Port ¾ Address Table ¾ Search Option Static Address MAC Address Displays the MAC address learned by the switchDisplays the corresponding Vlan ID of the MAC address ¾ Create Static Address ¾ Static Address Table Dynamic Address ¾ Dynamic Address Table ¾ Aging Config Bind Filtering Address ¾ Filtering Address Table ¾ Create Filtering Address Vlan ¾ Link Types of ports 802.1Q Vlan ¾ Pvid ¾ Vlan Table Vlan ConfigVlan ID Select Description ： Enter the ID number of Vlan ¾ Vlan ConfigIs valid or not ¾ Vlan Members Port Displays the port number ¾ Vlan Port Config Required. On the VLAN→802.1Q VLAN→VLAN Config Required. On the VLAN→802.1Q VLAN→Port Config page, set¾ Vlan of Port Vlan Description MAC Vlan VLAN→VLAN Config ¾ MAC Vlan Table Protocol VlanMAC Select Step Operation Description ¾ Encapsulation Format of Ethernet Data ¾ The Procedure for the Switch to Identify Packet Protocol Encapsulation ¾ The Implementation of Protocol Vlan802.3 raw 802.2 LLC Snap Protocol Vlan packets are processed in the following way Protocol Group Protocol Group Table¾ Protocol Group Table Protocol Template ¾ Protocol Group Config¾ Protocol Group Member Application Example for 802.1Q Vlan Required. On VLAN→802.1Q VLAN→Port Config page, configure ¾ Network Diagram ¾ Configuration ProcedureRequired. On VLAN→802.1Q VLAN→VLAN Config page, create a Application Example for MAC Vlan Application Example for Protocol Vlan ¾ Network Diagram Required. On VLAN→Protocol VLAN→Protocol Template On VLAN→Protocol VLAN→Protocol Group page, create protocol Gvrp ¾ Gvrp Select Port Status Registration Mode ¾ Port Config Configuration Procedure ¾ STP Elements Spanning Tree ¾ Bpdu Comparing Principle in STP mode ¾ STP Timers¾ STP Generation Tips ： Step Operation ¾ Mstp Elements ¾ Rstp Elements ¾ Port Roles ¾ Port States STP Config STP Config Version Forward DelayHello Time Max Age STP Summary Port Config ExtPath PriorityIntPath Edge Port Mstp Instance Region ConfigPort Status ¾ Region Config Instance Config ¾ Instance Table Instance Port ConfigInstance Clear Path Cost Instance IDPort Role Port Protect STP Security ¾ Bpdu Protect ¾ TC Protect¾ Bpdu Filter Root Protect Loop ProtectTC Protect Bpdu Protect TC Protect Application Example for STP Function On Spanning Tree→STP Config→Port Config On Spanning Tree→STP Config→STP ConfigOn Spanning Tree→MSTP Instance→Instance Configure Switch D ¾ Suggestion for Configuration ¾ Multicast Overview Multicast¾ Multicast Address Multicast IP Port ¾ Multicast Address Table ¾ Igmp Snooping Igmp Snooping¾ Igmp Snooping Process ¾ Igmp Messages ¾ Igmp Snooping Fundamentals Snooping Config Description Displays Igmp Snooping status Member ¾ Igmp Snooping Status Fast Leave Igmp Snooping Member Port Time Router Port TimeLeave Time Static Router Port Multicast→IGMP Snooping→VLAN Config Snooping→Snooping Config and Port ConfigMulticast Vlan Displays the Vlan ID ¾ Multicast Vlan Vlan On the Multicast→IGMP Snooping→Snooping ConfigMulticast→IGMP Snooping→Multicast Vlan Snooping→Port Config ¾ Configuration Procedure Step Operation DescriptionSnooping→Snooping Config Multicast IP Static Multicast IP Multicast IP Table ¾ Create Static Multicast Multicast Filter¾ Static Multicast IP Table IP Range ID IP-RangeStart Multicast IP End Multicast IP Action Mode ¾ Port Filter ConfigPort Filter Filter Ports taking up too much bandwidth Packet StatisticsDisplays the LAG number which the port belongs to Multicast→Multicast Filter→IP-Range ¾ Igmp Statistics QoS ¾ Priority Mode¾ QoS 802.1Q frame ¾ Schedule Mode SP-Mode DiffServ ¾ Port Priority ConfigPort Priority Required. On QoS→DiffServ→Schedule Mode Schedule Mode¾ Schedule Mode Config Required. On QoS→DiffServ→Port Priority Dscp Priority 3 802.1P Priority¾ Priority Level Required. On QoS→DiffServ→DSCP Priority ¾ Dscp Priority Config Bandwidth Control ¾ Rate Limit ConfigRate Limit Storm Control ¾ Storm Control Config Broadcast Rate Voice VlanBps Mulitcast Rate TAG ¾ Security Mode of Voice Vlan Security Packet Type Processing Mode Global ConfigEnter the Vlan ID of the voice Vlan Select the desired port for voice Vlan configuration. It is OUI Config Displays the OUI address of the voice device Configuration Procedure of Voice Vlan Time-Range ACLTime-Range Summary Index Time-Range Create Holiday Config ACL Config¾ Create Holiday ¾ Holiday Table ACL Create ACL Summary¾ Rule Table ¾ Create ACL ¾ Create MAC ACL MAC ACLRule ID EtherType Extend-IP ACL Standard-IP ACL¾ Create Standard-IP ACL Time-Range IP Protocol ¾ Create Extend-IP ACLTCP Flag ： Policy Summary Policy Config Action Create Policy Create¾ Create Policy ¾ Create Action Binding Table Policy Binding Vlan Binding Port BindingDirection Displays the binding direction Application Example for ACL ¾ VLAN-Bind ConfigEnter the ID of the Vlan you want to bind ¾ VLAN-Bind Table On ACL→ACL Config→ACL Create page, create ACL On ACL→ACL Config→Standard-IP ACL page, select ACL IP-MAC Binding Network Security Manual Binding Enter the Vlan ID ¾ Manual Binding OptionProtect Type Select the Protect Type for the entry ¾ Manual Binding Table ARP Scanning Start IP Address Dhcp SnoopingEnd IP Address Scan ¾ Dhcp Working Principle Network diagram for DHCP-snooping implementation ¾ Option ¾ Dhcp Cheating Attack Dhcp Cheating Attack Implementation Procedure ¾ Dhcp Snooping Config ¾ Port Config Port Select ¾ Option 82 ConfigCustomization Circuit ID Remote ID ¾ Imitating Gateway ARP Inspection¾ Cheating Gateway ¾ Cheating Terminal Hosts 10 ARP Attack Cheating Gateway ¾ Man-In-The-Middle Attack ¾ ARP Flooding Attack ¾ ARP Detect ARP Detect¾ Trusted Port Required. On the Network Security→IP-MAC ARP DefendNetwork Security→ARP ¾ ARP Defend ARP StatisticsDefend Speed ¾ Illegal ARP Packet DoS Defend DoS Attack Type Description ¾ Architecture of 802.1X Authentication ¾ Configure11.4 ¾ Defend Table ¾ The Mechanism of an 802.1X Authentication System ¾ 802.1X Authentication Procedure ¾ 802.1X Timer ¾ Guest Vlan 802.1X Authentication MethodGuest Vlan Guest Vlan ID Server Timeout Supplicant TimeoutRetry Times Radius Server Control ModeControl Type Authorized Required. On the Network Security→802.1X→Radius On the Network Security→802.1X→Global ConfigRequired. On the Network Security→802.1X→Port ¾ Snmp Overview Snmp¾ Snmp Management Frame ¾ Snmp Versions ¾ MIB Introduction ¾ Snmp Configuration Outline ¾ Local Engine Snmp Config¾ Remote Engine MIB Object ID Snmp ViewView Type View Name Snmp Group ¾ Group Config ¾ Group Table Snmp User Auth Password Auth ModePrivacy Mode Privacy Password Access ¾ Community ConfigSnmp Community Required. On the SNMP→SNMP Config→SNMP Required. On the SNMP→SNMP Config→GlobalMIB View ¾ Community Table Notification On the SNMP→SNMP Config→SNMP UDP Port TimeoutUser Retry ¾ Rmon Group RmonRmon Group Function History Control Event Config¾ History Control Table ¾ Event Table Alarm Config Sample Type VariableRising Threshold Rising Event 179 ¾ Cluster Role Cluster Neighbor Info 13.1 NDP¾ Introduction to Cluster ¾ Neighbor NDP Summary¾ Neighbor Info NDP ¾ Port Status Displays the port number of the switch Enable NDP ConfigDisable ¾ Global Cofig Device Table NtdpDevice MAC Cluster Name Hops Ntdp SummaryNeighbor Info Collect Topology Port Displays the port number of the switch Ntdp Config Ntdp Port Delay Ntdp Hop DelayNtdp Interval Time Ntdp Hops Cluster Summary Cluster¾ Global Cluster ¾ Global Config Cluster Cluster Config ¾ Role Change ¾ Current Role Application Example for Cluster Function On Cluster→NTDP→NTDP Config page, enable On Cluster→NDP→NDP Config page, enable NDP 194 System Monitor MaintenanceCPU Monitor Memory Monitor 14.2 Log Local Log Log Table Remote Log ¾ Local Log ConfigLog Buffer Log File ¾ Log Host Backup LogHost IP Device Diagnose ErrorCable Test Pair Network Diagnose Switch is availableLoopback Ping Tracert ¾ Ping Config 10 Tracert Following entries are displayed on this screen ¾ Tracert Config Appendix a Specifications Appendix B Configuring the PCs 207 Now Hardware Installation Appendix C Load Software using FTPConfigure the Hyper Terminal 210 Figure C-5 Port Settings Download Firmware via bootUtil menu Are you want to upgrade the firmwareY/N y TP-LINK upgrade You can only use the port 1 to upgrade User TP-LINK start Start Appendix D 802.1X Client Software Installation Guide 215 216 Figure D-7 InstallShield Wizard Complete Uninstall Software Figure D-11 Uninstall Complete Configuration 219 Figure D-16 Connection Status FAQ 221 Appendix E Glossary Group Attribute Registration Protocol Garp Multicast SwitchingIeee 802.1D Ieee 802.1Q Remote Authentication Dial-in User Service Radius Port AuthenticationLink Aggregation Link Aggregation Control Protocol Lacp Simple Network Time Protocol Sntp Simple Network Management Protocol SnmpSpanning Tree Algorithm STA Telnet