Manuals / TP-Link / Computer Equipment / Switch

TP-Link TL-SG3216 ARP Defend, Required. On the Network Security→IP-MAC, Network Security→ARP

Models: TL-SG3216

1 232

Download 232 pages 26.13 Kb

Page 158

Configuration Procedure:

Step	Operation	Description

1	Bind the IP address, MAC	Required. On the IP-MAC Binding page, bind the IP
	address, VLAN ID and the	address, MAC address, VLAN ID and the connected Port
	connected Port number of	number of the Host together via Manual Binding, ARP
	the Host together.	Scanning or DHCP Snooping.

2	Enable the protection for the	Required. On the Network Security→IP-MAC
	bound entry.	Binding→Binding Table page, specify a protect type for
		the corresponding bound entry.

3	Specify the trusted port.	Required.	On	the	Network	Security→ARP
		Inspection→ARP Detect page, specify the trusted port.
		The specific ports, such as up-linked port, routing port
		and LAG port, should be set as Trusted Port.

4	Enable ARP Detect feature.	Required.	On	the	Network	Security→ARP
		Inspection→ARP Detect page, enable the ARP Detect
		feature.

11.2.2 ARP Defend

With the ARP Defend enabled, the switch can terminate receiving the ARP packets for 300 seconds when the transmission speed of the legal ARP packet on the port exceeds the defined value so as to avoid ARP Attack flood.

Choose the menu Network Security→ARP Inspection→ARP Defend to load the following page.

Figure 11-14 ARP Defend

151

Image 158

TP-Link TL-SG3216 manual ARP Defend, Required. On the Network Security→IP-MAC, Network Security→ARP

Contents

TL-SG3216/TL-SG3424 JetStream L2 Lite Managed Switch Copyright & Trademarks Contents Gvrp 100 VII NDP Package Contents Conventions About this GuideIntended Readers Overview of This Guide System Switching Vlan Spanning Tree Multicast QoS ACL Network Security Snmp Cluster Return to Contents Introduction Overview of the SwitchMain Features ¾ LEDs Name Status Indication Appearance DescriptionFront Panel Rear Panel Configuration Login to the SwitchLogin Return to Contents System Summary SystemSystem Info ¾ Port Status Rate PortType Status ¾ Device Description Device DescriptionSystem Time Synchronize With Current SystemGet GMT PC’S Clock ¾ IP Config System IP User Table User ConfigUser Manage User Status User ID, Name, Access Level and status Operation¾ User Info ¾ User Table ¾ Config Restore Config RestoreConfig Backup System Tools Firmware Upgrade ¾ Config Backup System Reset Access SecuritySystem Reboot Access Control IP Address&Mask ¾ Access Control Config¾ Session Config MAC Address SSL Config ¾ Access User Number ¾ Certificate Download SSH Config¾ Global Config ¾ Key Download Max Connect Idle TimeoutProtocol Download ¾ Configuration ProcedureKey Type ¾ Network Requirements Application Example 2 for SSH Page Return to Contents Port SwitchingPort Config Port Select Speed and Duplex Port MirrorDescription Flow Control Mirroring Mirror ModeGroup Mode Port Security ¾ Port Security Learned Num LAGMax Learned MAC ¾ LAG Table LAG TableAggregate Arithmetic Group Number Static LAG Detail Information LAG will delete this LAG Lacp Config¾ LAG Config System Priority ¾ Lacp ConfigAdmin Key Port Priority ¾ Auto Refresh Traffic MonitorTraffic Summary Traffic Statistics MAC Address Way Address TableBound MAC address Port ¾ Search Option ¾ Address Table Displays the corresponding Vlan ID of the MAC address MAC Address Displays the MAC address learned by the switchStatic Address ¾ Create Static Address Dynamic Address ¾ Static Address Table ¾ Aging Config ¾ Dynamic Address Table Filtering Address Bind ¾ Create Filtering Address ¾ Filtering Address Table Vlan 802.1Q Vlan ¾ Link Types of ports ¾ Pvid Vlan ID Select Vlan Config¾ Vlan Table Description ： Is valid or not ¾ Vlan ConfigEnter the ID number of Vlan ¾ Vlan Members ¾ Vlan Port Config Port Displays the port number ¾ Vlan of Port Required. On the VLAN→802.1Q VLAN→Port Config page, setRequired. On the VLAN→802.1Q VLAN→VLAN Config Vlan Description VLAN→VLAN Config MAC Vlan MAC Select Protocol Vlan¾ MAC Vlan Table Step Operation Description ¾ The Procedure for the Switch to Identify Packet Protocol ¾ Encapsulation Format of Ethernet Data 802.3 raw 802.2 LLC Snap Protocol ¾ The Implementation of Protocol VlanEncapsulation Vlan packets are processed in the following way ¾ Protocol Group Table Protocol Group TableProtocol Group ¾ Protocol Group Member ¾ Protocol Group ConfigProtocol Template Application Example for 802.1Q Vlan Required. On VLAN→802.1Q VLAN→VLAN Config page, create a ¾ Network Diagram ¾ Configuration ProcedureRequired. On VLAN→802.1Q VLAN→Port Config page, configure Application Example for MAC Vlan ¾ Network Diagram Application Example for Protocol Vlan Required. On VLAN→Protocol VLAN→Protocol Template Gvrp On VLAN→Protocol VLAN→Protocol Group page, create protocol ¾ Gvrp ¾ Port Config Select Port Status Registration Mode Configuration Procedure Spanning Tree ¾ STP Elements ¾ STP Generation ¾ STP Timers¾ Bpdu Comparing Principle in STP mode Step Operation Tips ： ¾ Rstp Elements ¾ Mstp Elements ¾ Port States ¾ Port Roles STP Config STP Config Hello Time Forward DelayVersion Max Age Port Config STP Summary IntPath PriorityExtPath Edge Port Port Status Region ConfigMstp Instance Instance Config ¾ Region Config Instance Instance Port Config¾ Instance Table Clear Port Role Instance IDPath Cost STP Security Port Protect ¾ Bpdu Filter ¾ TC Protect¾ Bpdu Protect TC Protect Loop ProtectRoot Protect Bpdu Protect Application Example for STP Function TC Protect On Spanning Tree→MSTP Instance→Instance On Spanning Tree→STP Config→STP ConfigOn Spanning Tree→STP Config→Port Config Configure Switch D ¾ Suggestion for Configuration ¾ Multicast Address Multicast¾ Multicast Overview ¾ Multicast Address Table Multicast IP Port ¾ Igmp Snooping Process Igmp Snooping¾ Igmp Snooping ¾ Igmp Messages Snooping Config ¾ Igmp Snooping Fundamentals ¾ Igmp Snooping Status Description Displays Igmp Snooping status Member Igmp Snooping Fast Leave Leave Time Router Port TimeMember Port Time Static Router Port Multicast Vlan Snooping→Snooping Config and Port ConfigMulticast→IGMP Snooping→VLAN Config Displays the Vlan ID ¾ Multicast Vlan Multicast→IGMP Snooping→Multicast Vlan On the Multicast→IGMP Snooping→Snooping ConfigVlan Snooping→Snooping Config ¾ Configuration Procedure Step Operation DescriptionSnooping→Port Config Multicast IP Multicast IP Table Static Multicast IP ¾ Static Multicast IP Table Multicast Filter¾ Create Static Multicast Start Multicast IP IP-RangeIP Range ID End Multicast IP Port Filter ¾ Port Filter ConfigAction Mode Filter Displays the LAG number which the port belongs to Packet StatisticsPorts taking up too much bandwidth Multicast→Multicast Filter→IP-Range ¾ Igmp Statistics ¾ QoS ¾ Priority ModeQoS ¾ Schedule Mode 802.1Q frame SP-Mode Port Priority ¾ Port Priority ConfigDiffServ ¾ Schedule Mode Config Schedule ModeRequired. On QoS→DiffServ→Schedule Mode Required. On QoS→DiffServ→Port Priority ¾ Priority Level 3 802.1P PriorityDscp Priority ¾ Dscp Priority Config Required. On QoS→DiffServ→DSCP Priority Rate Limit ¾ Rate Limit ConfigBandwidth Control ¾ Storm Control Config Storm Control Bps Voice VlanBroadcast Rate Mulitcast Rate ¾ Security Mode of Voice Vlan TAG Enter the Vlan ID of the voice Vlan Global ConfigSecurity Packet Type Processing Mode Select the desired port for voice Vlan configuration. It is OUI Config Configuration Procedure of Voice Vlan Displays the OUI address of the voice device Time-Range Summary ACLTime-Range Index Time-Range Create ¾ Create Holiday ACL ConfigHoliday Config ¾ Holiday Table ¾ Rule Table ACL SummaryACL Create ¾ Create ACL Rule ID MAC ACL¾ Create MAC ACL EtherType ¾ Create Standard-IP ACL Standard-IP ACLExtend-IP ACL Time-Range TCP Flag ： ¾ Create Extend-IP ACLIP Protocol Policy Config Policy Summary ¾ Create Policy Policy CreateAction Create ¾ Create Action Policy Binding Binding Table Direction Displays the binding direction Port BindingVlan Binding Enter the ID of the Vlan you want to bind ¾ VLAN-Bind ConfigApplication Example for ACL ¾ VLAN-Bind Table On ACL→ACL Config→ACL Create page, create ACL On ACL→ACL Config→Standard-IP ACL page, select ACL Network Security IP-MAC Binding Manual Binding Protect Type Select the Protect Type for the entry ¾ Manual Binding OptionEnter the Vlan ID ¾ Manual Binding Table ARP Scanning End IP Address Dhcp SnoopingStart IP Address Scan Network diagram for DHCP-snooping implementation ¾ Dhcp Working Principle ¾ Option Dhcp Cheating Attack Implementation Procedure ¾ Dhcp Cheating Attack ¾ Dhcp Snooping Config Customization Circuit ID Remote ID ¾ Option 82 Config¾ Port Config Port Select ¾ Cheating Gateway ARP Inspection¾ Imitating Gateway 10 ARP Attack Cheating Gateway ¾ Cheating Terminal Hosts ¾ Man-In-The-Middle Attack ¾ ARP Flooding Attack ¾ Trusted Port ARP Detect¾ ARP Detect Network Security→ARP ARP DefendRequired. On the Network Security→IP-MAC Defend ARP Statistics¾ ARP Defend Speed DoS Defend ¾ Illegal ARP Packet DoS Attack Type Description 11.4 ¾ Configure¾ Architecture of 802.1X Authentication ¾ Defend Table ¾ The Mechanism of an 802.1X Authentication System ¾ 802.1X Authentication Procedure ¾ 802.1X Timer ¾ Guest Vlan Guest Vlan Authentication Method802.1X Guest Vlan ID Retry Times Supplicant TimeoutServer Timeout Control Type Control ModeRadius Server Authorized Required. On the Network Security→802.1X→Port On the Network Security→802.1X→Global ConfigRequired. On the Network Security→802.1X→Radius ¾ Snmp Management Frame Snmp¾ Snmp Overview ¾ Snmp Versions ¾ Snmp Configuration Outline ¾ MIB Introduction ¾ Remote Engine Snmp Config¾ Local Engine View Type Snmp ViewMIB Object ID View Name ¾ Group Config Snmp Group Snmp User ¾ Group Table Privacy Mode Auth ModeAuth Password Privacy Password Snmp Community ¾ Community ConfigAccess MIB View Required. On the SNMP→SNMP Config→GlobalRequired. On the SNMP→SNMP Config→SNMP ¾ Community Table On the SNMP→SNMP Config→SNMP Notification User TimeoutUDP Port Retry Rmon Group Function Rmon¾ Rmon Group ¾ History Control Table Event ConfigHistory Control Alarm Config ¾ Event Table Rising Threshold VariableSample Type Rising Event 179 Cluster ¾ Cluster Role ¾ Introduction to Cluster 13.1 NDPNeighbor Info ¾ Neighbor Info NDP Summary¾ Neighbor ¾ Port Status Displays the port number of the switch NDP Disable NDP ConfigEnable ¾ Global Cofig Device MAC NtdpDevice Table Cluster Name Neighbor Info Ntdp SummaryHops Collect Topology Ntdp Config Port Displays the port number of the switch Ntdp Interval Time Ntdp Hop DelayNtdp Port Delay Ntdp Hops ¾ Global ClusterCluster Summary Cluster Cluster Config ¾ Global Config Cluster ¾ Current Role ¾ Role Change Application Example for Cluster Function On Cluster→NDP→NDP Config page, enable NDP On Cluster→NTDP→NTDP Config page, enable 194 CPU Monitor MaintenanceSystem Monitor Memory Monitor 14.2 Log Log Table Local Log Log Buffer ¾ Local Log ConfigRemote Log Log File Host IP Backup Log¾ Log Host Cable Test ErrorDevice Diagnose Pair Loopback Switch is availableNetwork Diagnose Ping ¾ Ping Config Tracert ¾ Tracert Config 10 Tracert Following entries are displayed on this screen Appendix a Specifications Appendix B Configuring the PCs 207 Now Configure the Hyper Terminal Appendix C Load Software using FTPHardware Installation 210 Download Firmware via bootUtil menu Figure C-5 Port Settings TP-LINK upgrade You can only use the port 1 to upgrade Are you want to upgrade the firmwareY/N y TP-LINK start Start User Installation Guide Appendix D 802.1X Client Software 215 216 Uninstall Software Figure D-7 InstallShield Wizard Complete Configuration Figure D-11 Uninstall Complete 219 FAQ Figure D-16 Connection Status 221 Appendix E Glossary Ieee 802.1D Multicast SwitchingGroup Attribute Registration Protocol Garp Ieee 802.1Q Link Aggregation Port AuthenticationRemote Authentication Dial-in User Service Radius Link Aggregation Control Protocol Lacp Spanning Tree Algorithm STA Simple Network Management Protocol SnmpSimple Network Time Protocol Sntp Telnet