Manuals / TP-Link / Computer Equipment / Switch

TP-Link TL-SG3424P ARP Defend, Required. On the Network Security→IP-MAC, Network Security→ARP

Models: TL-SG3424P

1 263

Download 263 pages 38.92 Kb

Page 175

Configuration Procedure:

Step	Operation	Description

1	Bind the IP address, MAC	Required. On the IP-MAC Binding page, bind the IP
	address, VLAN ID and the	address, MAC address, VLAN ID and the connected Port
	connected Port number of	number of the Host together via Manual Binding, ARP
	the Host together.	Scanning or DHCP Snooping.

2	Enable the protection for the	Required. On the Network Security→IP-MAC
	bound entry.	Binding→Binding Table page, specify a protect type for
		the corresponding bound entry.

3	Specify the trusted port.	Required.	On	the	Network	Security→ARP
		Inspection→ARP Detect page, specify the trusted port.
		The specific ports, such as up-linked port, routing port
		and LAG port, should be set as Trusted Port.

4	Enable ARP Detect feature.	Required.	On	the	Network	Security→ARP
		Inspection→ARP Detect page, enable the ARP Detect
		feature.

12.2.2 ARP Defend

With the ARP Defend enabled, the switch can terminate receiving the ARP packets for 300 seconds when the transmission speed of the legal ARP packet on the port exceeds the defined value so as to avoid ARP Attack flood.

Choose the menu Network Security→ARP Inspection→ARP Defend to load the following page.

166

Image 175

TP-Link TL-SG3424P manual ARP Defend, Required. On the Network Security→IP-MAC, Network Security→ARP

Contents

REV2.0.0 1910010781 TL-SG3424P JetStream L2 Managed PoE SwitchCopyright & Trademarks FCC Statement Safety Information Contents Gvrp VII Viii 177 220 Package Contents Overview of This Guide About this GuideIntended Readers ConventionsSystem Switching Vlan Spanning Tree Multicast QoS PoE ACL Network Security Snmp Return to Contents Main Features Overview of the SwitchIntroduction Front Panel Appearance Description¾ LEDs Status Indication LEDRear Panel Login Login to the SwitchConfiguration Return to Contents ¾ Port Status SystemSystem Info System SummaryStatus PortType SpeedSystem Time Device Description¾ Device Description Daylight Saving Time Date Mode ¾ DST ConfigPredefined Mode Recurring ModeSystem IP ¾ IP ConfigUser Management User ConfigUser Table ¾ User Table User ID, Name, Access Level and status Operation¾ User Info User StatusSystem Tools Config RestoreConfig Backup ¾ Config Restore¾ Config Backup Firmware UpgradeAccess Control Access SecuritySystem Reboot System ResetMAC Address ¾ Access Control Config¾ Session Config IP Address&Mask¾ Access User Number SSL Config¾ Key Download SSH Config¾ Global Config ¾ Certificate DownloadProtocol Idle TimeoutMax Connect ¾ Network Requirements ¾ Configuration ProcedureKey Type DownloadApplication Example 2 for SSH Page Return to Contents Port Select SwitchingPort Config PortFlow Control Port MirrorDescription Speed and DuplexMirrored Port GroupMirroring ModeEgress Port Security¾ Mirrored Port IngressMax Learned MAC ¾ Port SecurityLearned Num Port Isolation ¾ Port Isolation Config¾ Port Isolation List Loopback DetectionForward Portlist Display the forwardlist LAG Operation ModeInterval It’s 3 seconds LAG Table LAG TableMember Static LAG¾ LAG Table Group NumberMember Port Lacp Config¾ Lacp Config 10 Lacp ConfigPort Priority Admin KeyTraffic Monitor Traffic SummaryOctets Tx Packets RxPackets Tx Octets RxTraffic Statistics Address and the port Type Configuration Way Aging outMAC Address BoundRelationship Address TableDisplays the corresponding Vlan ID of the MAC address Static Address¾ Search Option ¾ Address Table¾ Static Address Table ¾ Create Static AddressDynamic Address ¾ Dynamic Address Table ¾ Aging ConfigBind Filtering Address¾ Filtering Address Table ¾ Create Filtering AddressVlan ¾ Link Types of ports 802.1Q Vlan¾ Pvid Select： Vlan Config¾ Vlan Table Vlan ID Select：¾ Vlan Members ¾ Vlan ConfigEnter the ID number of Vlan Is valid or notPort Displays the port number ¾ Vlan Port ConfigStep Operation Description Required. On the VLAN→802.1Q VLAN→Port Config page, set¾ Vlan of Port Vlan DescriptionOptional. On the VLAN→802.1Q VLAN→VLAN Config Required. On the VLAN→802.1Q VLAN→VLAN Config¾ MAC Vlan Table Protocol VlanMAC Select ¾ Encapsulation Format of Ethernet Data 802.3 raw 802.2 LLC Snap Protocol ¾ Protocol Group Table Protocol Group TableProtocol Group Vlan packets are processed in the following wayProtocol Template ¾ Protocol Group Config¾ Protocol Group Member ¾ Create Protocol Template Required. On the VLAN→802.1Q VLAN→Port Config¾ Protocol Template Table Optional. On the VLAN→Protocol VLAN→Protocol Vlan ¾ Network DiagramApplication Example for 802.1Q Vlan Required. On the VLAN→Protocol VLAN→ProtocolOperation Description Required. On VLAN→802.1Q VLAN→Port Config page, configureRequired. On VLAN→802.1Q VLAN→VLAN Config page, create a Application Example for MAC Vlan¾ Network Diagram ¾ Configuration Procedure Application Example for Protocol Vlan Required. On VLAN→Protocol VLAN→Protocol Template On VLAN→Protocol VLAN→Protocol Group page, create protocol Gvrp¾ Gvrp Gvrp Registration ModeConfiguration Procedure ¾ STP Elements Spanning Tree¾ Bpdu Comparing Principle in STP mode ¾ STP Timers¾ STP Generation Tips ： Step Operation¾ Mstp Elements ¾ Rstp Elements¾ Port Roles ¾ Port StatesSTP Config STP ConfigMax Age Forward DelayVersion Hello TimeSTP Summary STP Summary Port ConfigEdge Port PriorityExtPath IntPathMstp Instance Region ConfigPort Status ¾ Region Config Instance ConfigClear Instance Port Config¾ Instance Table InstancePath Cost Instance IDPort Role Port Protect STP Security¾ Bpdu Protect ¾ TC Protect¾ Bpdu Filter Bpdu Protect Loop ProtectRoot Protect TC ProtectTC Protect Application Example for STP FunctionOn Spanning Tree→STP Config→Port Config On Spanning Tree→STP Config→STP ConfigOn Spanning Tree→MSTP Instance→Instance Configure Switch D ¾ Suggestion for Configuration ¾ Multicast Overview Multicast¾ Multicast Address Table ¾ Multicast AddressMulticast IP Port ¾ Igmp Messages Igmp Snooping¾ Igmp Snooping ¾ Igmp Snooping Process¾ Igmp Snooping Fundamentals Snooping ConfigDescription Displays Igmp Snooping status Member ¾ Igmp Snooping StatusFast Leave Igmp SnoopingStatic Router Port Router Port TimeMember Port Time Leave TimeMulticast→IGMP Snooping→Snooping Config and Port ConfigMulticast→IGMP Snooping→VLAN Config Multicast VlanVlan ¾ Multicast VlanMulticast→IGMP Snooping→Multicast Vlan On the Multicast→IGMP Snooping→Snooping ConfigMulticast IP Table Snooping→Port ConfigSnooping→Snooping Config Multicast IPStatic Multicast IP ¾ Static Multicast IP Table Multicast FilterIP-Range ¾ Create Static MulticastEnd Multicast IP Port FilterIP Range ID Start Multicast IPBound IP-Range ID ¾ Port Filter ConfigAction Mode FilterMulticast→Multicast Filter→IP-Range Packet StatisticsMulticast→Multicast Filter→Port Filter ¾ Igmp Statistics QoS ¾ Priority Mode¾ QoS ¾ Schedule Mode 117 Displays the LAG number which the port belongs to ¾ Port Priority ConfigDiffServ Port PriorityRequired. On QoS→DiffServ→Port Priority Required. On QoS→DiffServ→Schedule Mode¾ Dscp Priority Config Dscp Priority¾ Priority Level 3 802.1P/CoS mappingRequired. On QoS→DiffServ→DSCP Priority ¾ Priority and CoS-mapping Config Schedule Mode¾ Schedule Mode Config Rate Limit Bandwidth ControlEgress RateKbps ¾ Rate Limit ConfigStorm Control Ingress Rate KbpsBps ¾ Storm Control ConfigPort Broadcast Rate bps Multicast RateVoice Vlan ¾ Port Voice Vlan ModeNumber OUI Address Vendor Security Packet Type Processing Mode ¾ Security Mode of Voice Vlan12 Global Configuration Global Config13 Port Config Port ModeOUI Config Mask Required. On VLAN→802.1Q VLAN→Port Config page, click¾ Advantage PoE ConfigPoE ¾ CompositionPoE Status PoE ConfigPoE Priority PoE Profile Profile Name PoE Time-RangeTime-Range Summary ¾ PoE ProfilePoE Time-Range Create Delete PoE Holiday ConfigIndex End TimeTime-Range ACL¾ Time-Range Table Holiday Time-Range CreateIndex Displays the index of the time-slice Start Time Holiday Config ACL Config¾ Create ACL ACL SummaryACL Create ¾ Rule TableUser Priority MAC ACLRule ID EtherTypeExtend-IP ACL Standard-IP ACL¾ Create Standard-IP ACL IP ToS ¾ Create Extend-IP ACLIP Protocol TCP Flag ：Policy Summary Policy ConfigPolicy Create ¾ Create Policy Action Create¾ Create Action Binding Table Policy Binding¾ Policy Bind Table Direction Displays the binding direction ¾ Port-Bind ConfigPort Binding Vlan Binding¾ VLAN-Bind Table ¾ VLAN-Bind ConfigApplication Example for ACL Enter the ID of the Vlan you want to bindOn ACL→ACL Config→ACL Create page, create ACL On ACL→ACL Config→Standard-IP ACL page, select ACL IP-MAC Binding Network SecurityManual Binding ¾ Manual Binding Table ¾ Manual Binding OptionEnter the Vlan ID Protect Type Select the Protect Type for the entryARP Scanning Scan Dhcp SnoopingStart IP Address End IP Address¾ Dhcp Working Principle Network diagram for DHCP-snooping implementation¾ Option ¾ Dhcp Cheating Attack Dhcp Cheating Attack Implementation Procedure¾ Dhcp Snooping Config ¾ Port Config Port Select ¾ Option 82 ConfigCustomization Circuit ID Remote ID ¾ Imitating Gateway ARP Inspection¾ Cheating Gateway ¾ Cheating Terminal Hosts 10 ARP Attack Cheating Gateway¾ Man-In-The-Middle Attack ¾ ARP Flooding Attack ¾ ARP Detect ARP Detect¾ Trusted Port Required. On the Network Security→IP-MAC ARP DefendNetwork Security→ARP Defend ¾ ARP DefendCurrent Speed ARP Statistics DoS Defend¾ Illegal ARP Packet DoS Attack Type Description ¾ Defend Table ¾ Configure¾ Architecture of 802.1X Authentication 12.4¾ The Mechanism of an 802.1X Authentication System ¾ 802.1X Authentication Procedure 19 PAP Authentication Procedure ¾ Guest Vlan ¾ 802.1X TimerGuest Vlan ID Authentication Method802.1X Guest VlanServer Timeout Supplicant TimeoutRetry Times Control Type Control Mode¾ Authentication Config Radius ServerRequired. On the Network Security→802.1X→Radius On the Network Security→802.1X→Global ConfigRequired. On the Network Security→802.1X→Port ¾ Snmp Versions Snmp¾ Snmp Overview ¾ Snmp Management Frame¾ MIB Introduction ¾ Snmp Configuration Outline¾ Local Engine Snmp Config¾ Remote Engine View Type Snmp ViewView Name MIB Object IDSnmp Group ¾ Group ConfigSnmp User Privacy Password Auth ModeAuth Password Privacy ModeAccess ¾ Community ConfigSnmp Community ¾ Community Table Required. On the SNMP→SNMP Config→GlobalRequired. On the SNMP→SNMP Config→SNMP MIB ViewNotification On the SNMP→SNMP Config→SNMPRetry TimeoutUDP Port UserRmon Group Function Rmon¾ Notification Table ¾ Rmon GroupHistory Control Event Config¾ History Control Table ¾ Event Table Alarm ConfigRising Threshold Alarm TypeVariable Sample Type194 ¾ Lldpdu Format LldpTLV type TLV Name Description Usage ¾ TLVOrganizationally Specific TLV Basic Management TLVSystem Capabilities TLV Configuration/Status TLVPower Via MDI TLV Port Description TLVLldp Basic ConfigLldp Port Config ¾ Lldp Port ConfigLocal Info Device InfoDetails ¾ Local Info Neighbor Info¾ Neighbor Info ¾ Global Statistics Device StatisticsDiscards ErrorsTransmit Total Receive TotalInventory TLV Extended Power-Via-MDI TLV¾ LLDP-MED Parameters Config Location Identification TLVLLDP-MED Port Configuration ¾ LLDP-MED Port ConfigCivic Address ¾ Included TLVs¾ Location Identification Parameters EmergencyLLDP-MED Local Information LLDP-MED Neighbor Information ¾ Cluster Role Cluster¾ Introduction to Cluster 15.1 NDP¾ Neighbor NDP SummaryReceive NDP Packets Error NDP PacketsAging Time Send NDP PacketsDetail ： NDP ConfigDevice Table EnableDisable NtdpNtdp Summary Ntdp Summary Port Displays the port number of the switchNtdp Hops Ntdp ConfigNtdp Hop Delay Ntdp Interval TimeCluster ClusterCluster Summary ¾ Global¾ Global Config Cluster Cluster Config¾ Role Change ¾ Current RoleApplication Example for Cluster Function 14 Cluster Configuration for Individual SwitchOn Cluster→NTDP→NTDP Config page, enable On Cluster→NDP→NDP Config page, enable NDPOn Cluster→Cluster→Cluster Topology On Cluster→Cluster→Member Config page, selectSystem Monitor MaintenanceCPU Monitor Memory Monitor 16.2 Log Module Log Table¾ Log Info TimeLog Buffer ¾ Local Log ConfigLocal Log Remote Log¾ Log Host Backup LogHost IP Pair Device DiagnosticsError Cable TestLoopback Network DiagnosticsPing Tracert ¾ Ping Config¾ Tracert Config Appendix a Specifications Figure B-2 Appendix B Configuring the PCsNow Hardware Installation Appendix C Load Software Using FTPConfigure the Hyper Terminal 239 Figure C-5 Port Settings Download Firmware via bootUtil menuAre you want to upgrade the firmwareY/N y TP-LINK upgrade You can only use the port 1 to upgradeUser TP-LINK start StartAppendix D 802.1X Client Software Installation Guide244 245 Figure D-7 InstallShield Wizard Complete Uninstall SoftwareFigure D-11 Uninstall Complete Configuration248 Figure D-16 Connection Status FAQ Appendix E Glossary Ieee 802.1D Multicast SwitchingGeneric Multicast Registration Protocol Gmrp Group Attribute Registration Protocol GarpLink Aggregation Port AuthenticationRemote Authentication Dial-in User Service Radius LayerSpanning Tree Algorithm STA Secure Shell SSHSimple Network Management Protocol Snmp Simple Network Time Protocol Sntp