Manuals / TP-Link / Computer Equipment / Switch

TP-Link TL-SL5428E manual ¾ Port Security

Models: TL-SL5428E

1 259

Download 259 pages 46.72 Kb

Page 41

Note:

1.The LAG member can not be selected as the mirrored port or mirroring port.

2.A port can not be set as the mirrored port and the mirroring port simultaneously.

3.The Port Mirror function can take effect span the multiple VLANs.

5.1.3 Port Security

MAC Address Table maintains the mapping relationship between the port and the MAC address of the connected device, which is the base of the packet forwarding. The capacity of MAC Address Table is fixed. MAC Address Attack is the attack method that the attacker takes to obtain the network information illegally. The attacker uses tools to generate the cheating MAC address and quickly occupy the MAC Address Table. When the MAC Address Table is full, the switch will broadcast the packets to all the ports. At this moment, the attacker can obtain the network information via various sniffers and attacks. When the MAC Address Table is full, the packets traffic will flood to all the ports, which results in overload, lower speed, packets drop and even breakdown of the system.

Port Security is to protect the switch from the malicious MAC Address Attack by limiting the maximum number of MAC addresses that can be learned on the port. The port with Port Security feature enabled will learn the MAC address dynamically. When the learned MAC address number reaches the maximum, the port will stop learning. Thereafter, the other devices with the MAC address unlearned can not access to the network via this port.

Choose the menu Switching→Port→Port Security to load the following page.

Figure 5-3 Port Security

The following entries are displayed on this screen:

¾Port Security

33

Image 41

TP-Link TL-SL5428E manual ¾ Port Security

Contents

Rev 1910010529 Copyright & Trademarks Contents Gvrp TC Protect 101 11.4.1 Ntdp 11.4.2VII Package Contents Intended Readers About this GuideConventions Overview of This GuidePath Switch, which facilitates you to monitor the Igmp messages Return to Contents Introduction Overview of the SwitchMain Features ¾ LEDs Name Status Indication Appearance DescriptionFront Panel Rear Panel Configuration Login to the SwitchLogin Return to Contents System Info SystemSystem Summary ¾ Port StatusPort ¾ Port InfoType Rate¾ Device Description Device Description¾ Bandwidth Utilization ¾ Time Info ¾ Time ConfigSystem Time System IP User Table User Manage¾ User Info User ConfigPassword Config RestoreConfirm Password Retype the password User ID, Name, Access Level and status Operation¾ Config Backup Config BackupFirmware Upgrade System Reset System RebootAccess Control Access Security¾ Session Config ¾ Access Control ConfigIP Address&Mask MAC Address¾ Access User Number SSL Config¾ Global Config SSH Config¾ Certificate Download ¾ Key DownloadMax Connect Idle TimeoutProtocol Key Type ¾ Configuration ProcedureDownload ¾ Network RequirementsApplication Example 2 for SSH Page Return to Contents Port Config SwitchingPort Port SelectDescription Port MirrorSpeed and Duplex Flow Control¾ Mirrored Port ¾ Mirroring PortIngress Egress¾ Port Security Port SecurityLearned Num Port IsolationMax Learned MAC Forward Portlist Select the port that to be forwarded to ¾ Port Isolation Config¾ Port Isolation List Forward Portlist Display the forwardlistLAG Table LAG¾ LAG Table Aggregate ArithmeticGroup Number MemberStatic LAG ¾ LAG ConfigLAG will delete this LAG Lacp ConfigAdmin Key ¾ Lacp ConfigSystem Priority Port Priority¾ Auto Refresh Traffic MonitorTraffic Summary Traffic Statistics MAC Address Relationship Type Configuration Way Aging outBound Address and the port¾ Address Table ¾ Search OptionStatic Address MAC Address Displays the MAC address learned by the switchDisplays the corresponding Vlan ID of the MAC address ¾ Create Static Address¾ Static Address Table Dynamic Address¾ Dynamic Address Table ¾ Aging ConfigBind Filtering Address¾ Filtering Address Table ¾ Create Filtering AddressVlan implementation Vlan¾ Link Types of ports 802.1Q Vlan¾ Pvid Vlan ConfigVlan ID Select ¾ Vlan TableDescription ： Members Operation ：Enter the ID number of Vlan ¾ Vlan ConfigIs valid or not ¾ Vlan MembersPort Displays the port number ¾ Vlan Port ConfigRequired. On the VLAN→802.1Q VLAN→VLAN Config Required. On the VLAN→802.1Q VLAN→Port Config page, set¾ Vlan of Port Vlan DescriptionMAC Vlan Optional. On the VLAN→802.1Q VLAN→VLAN ConfigMAC Select Port Enable¾ MAC Vlan Table Protocol Vlan Required. On the VLAN→MAC VLAN→Port EnableProtocol Template Protocol Vlan¾ Create Protocol Vlan ¾ Protocol Vlan Table¾ Protocol Template Table ¾ Create Protocol TemplateApplication Example for 802.1Q Vlan Required. On VLAN→802.1Q VLAN→VLAN Config page, create a Required. On VLAN→802.1Q VLAN→Port Config page, configureApplication Example for MAC Vlan Operation Description¾ Network Diagram ¾ Configuration Procedure Application Example for Protocol Vlan Required. On VLAN→Protocol VLAN→Protocol Template Protocol type Value On VLAN→Protocol VLAN→Protocol Vlan page, create protocol¾ VPN Up-link Ports VPN ConfigVlan Mapping ¾ Vlan Mapping Table ¾ Vlan Mapping ConfigOptional. On the VLAN→VLAN VPN→VPN Config Required. On the VLAN→VLAN VPN→VPN ConfigRequired. On the VLAN→VLAN VPN→Port Enable Required. On the VLAN→VLAN VPN→VLAN Mapping¾ Garp Gvrp¾ Gvrp Select Port Status Registration Mode ¾ Port ConfigPrivate Vlan Configuration Procedure¾ Private Vlan Implementation ¾ Features of Private Vlan¾ The Elements of a Private Vlan Pvid ¾ Packet forwarding in Private Vlan Pvlan ¾ Private Vlan Table ¾ Create Private VlanPrimary Vlan Secondary VlanRequired. On the VLAN→Private VLAN→Port Configure Port Select the desired port for configuration Port Type¾ Private Vlan Port Table Required. On the VLAN→Private VLAN→PVLANApplication Example for Private Vlan Required. On the VLAN→802.1Q VLAN→VLAN Config page, click ¾ STP Elements Spanning Tree¾ Bpdu Comparing Principle in STP mode ¾ STP TimersStep Operation ¾ STP Generation¾ Mstp Elements Tips：¾ Rstp Elements ¾ Port Roles ¾ Port StatesSTP Config STP ConfigVersion Forward DelayHello Time Max AgeSTP Summary STP Summary Port ConfigExtPath PriorityIntPath Edge PortMstp Instance Region ConfigPort Role Port Status¾ Region Config Instance Config¾ Instance Table Instance Port ConfigInstance ClearPath Cost Instance IDPort Protect STP Security¾ Bpdu Filter ¾ TC Protect¾ Bpdu Protect Root Protect Loop ProtectTC Protect Bpdu Protect11 TC Protect TC ProtectOn Spanning Tree→STP Config→Port Config On Spanning Tree→STP Config→STP ConfigApplication Example for STP Function On Spanning Tree→MSTP Instance→InstanceBridge of Instance Configure Switch D ¾ Suggestion for Configuration ¾ Multicast Address Multicast¾ Multicast Overview Multicast IP Port ¾ Multicast Address Table¾ Igmp Snooping Igmp Snooping¾ Igmp Snooping Process ¾ Igmp Messages¾ Igmp Snooping Fundamentals Snooping ConfigDescription Displays Igmp Snooping status Member ¾ Igmp Snooping StatusFast Leave Igmp SnoopingMember Port Time Router Port TimeLeave Time Static Router PortMulticast→IGMP Snooping→VLAN Config Snooping→Snooping Config and Port ConfigMulticast Vlan Router Port¾ Multicast Vlan Application Example for Multicast Vlan On the Multicast→IGMP Snooping→Snooping ConfigVlan Multicast→IGMP Snooping→Multicast VlanSnooping→Port Config ¾ Configuration Procedure Step Operation DescriptionSnooping→Snooping Config Multicast IPStatic Multicast IP Multicast IP Table¾ Static Multicast IP Table ¾ Create Static MulticastIP-Range Multicast FilterPort Filter ¾ Port Filter ConfigMulticast→Multicast Filter→Port Filter Packet StatisticsMulticast→Multicast Filter→IP-Range ¾ Igmp Statistics ¾ QoS ¾ Priority ModeQoS 802.1Q frame ¾ Schedule ModeSP-Mode DiffServ ¾ Port Priority ConfigPort Priority Displays the LAG number which the port belongs to¾ Schedule Mode Config Schedule Mode¾ Priority Level ¾ 802.1P Priority Config3 802.1P Priority Dscp Priority It ranges from 0 to ¾ Dscp Priority ConfigPriority Level Priority levels are labeled as TC0, TC1, TC2 and TC3Rate Limit ¾ Rate Limit ConfigBandwidth Control Egress Ratebps Storm ControlIngress Rate bps Broadcast Rate ¾ Storm Control ConfigBps Multicast RateNumber OUI Address Vendor ¾ Port Voice Vlan ModeVoice Vlan Packet Type Processing Mode ¾ Security Mode of Voice Vlan12 Global Configuration Global Config13 Port Config Port ModeOUI Config Optional. On QoS→Voice VLAN→OUI Config page, you Required. On VLAN→802.1Q VLAN→Port ConfigRequired. On QoS→Voice VLAN→Port Config Required. On QoS→Voice VLAN→Global ConfigTime-Range ACLTime-Range Summary IndexTime-Range Create Holiday Config ACL Config¾ Create Holiday ¾ Holiday TableACL Create ACL Summary¾ Rule Table ¾ Create ACL¾ Create MAC ACL MAC ACLRule ID EtherType¾ Create Standard-IP ACL Standard-IP ACLFragment Mask¾ Create Extend-IP ACL Extend-IP ACLPolicy Summary Policy ConfigAction Create Policy CreateSelect Policy Desired policy, please click the Delete button¾ Create Action 11 Action CreateBinding Table Policy BindingPort Binding ¾ Policy Bind TableEnter the ID of the Vlan you want to bind Vlan BindingDirection Displays the binding direction ¾ VLAN-Bind Table Application Example for ACLOn ACL→ACL Config→ACL Create page, create ACL On ACL→ACL Config→Standard-IP ACL page, select ACL IP-MAC Binding Network SecurityManual Binding Enter the Vlan ID ¾ Manual Binding OptionProtect Type Select the Protect Type for the entry ¾ Manual Binding TableARP Scanning Start IP Address Dhcp SnoopingEnd IP Address Scan¾ Dhcp Working Principle Network diagram for DHCP-snooping implementation¾ Option ¾ Dhcp Cheating Attack Dhcp Cheating Attack Implementation Procedure163 ¾ Port Config Port Select ¾ Option 82 ConfigDecline Threshold Decline Flow Control Customization Circuit ID Remote ID¾ Cheating Gateway ARP Inspection¾ Imitating Gateway ¾ Cheating Terminal Hosts 10 ARP Attack Cheating Gateway¾ Man-In-The-Middle Attack ¾ ARP Flooding Attack ¾ Trusted Port ARP Detect¾ ARP Detect Network Security→ARP ARP DefendRequired. On the Network Security→IP-MAC ¾ ARP Defend ARP StatisticsDefend Speed¾ Illegal ARP Packet IP Source GuardDoS Defend ¾ IP Source Guard ConfigDoS Attack Type Description DoS Detect DoS DefendDetect Time 11.5Detect Attack Type¾ 802.1X Authentication Procedure ¾ The Mechanism of an 802.1X Authentication System178 179 ¾ Guest Vlan ¾ 802.1X Timer802.1X Authentication MethodGuest Vlan Guest Vlan IDRetry Times Supplicant TimeoutServer Timeout Radius Server Control ModeControl Type Authorized802.1X Client Software On the Network Security→802.1X→Global ConfigRequired. On the Network Security→802.1X→Radius Required. On the Network Security→802.1X→Port¾ Snmp Overview Snmp¾ Snmp Management Frame ¾ Snmp Versions¾ MIB Introduction ¾ Snmp Configuration Outline¾ Remote Engine Snmp Config¾ Local Engine MIB Object ID Snmp ViewView Type View NameSnmp Group ¾ Group Config¾ Group Table Snmp UserAuth Password Auth ModePrivacy Mode Privacy PasswordSnmp Community ¾ Community ConfigAccess Required. On the SNMP→SNMP Config→SNMP Required. On the SNMP→SNMP Config→GlobalMIB View ¾ Community TableNotification On the SNMP→SNMP Config→SNMPUDP Port TimeoutUser RetryRmon Group Function Rmon¾ Rmon Group ¾ History Control Table Event ConfigHistory Control ¾ Event Table Alarm ConfigSample Type VariableRising Threshold Rising Event200 ¾ Cluster Role Cluster¾ Introduction to Cluster 13.1 NDPNeighbor Info ¾ Neighbor Info NDP Summary¾ Neighbor NDP ¾ Port Status Displays the port number of the switchAging Time NDP ConfigDetail ： Ntdp Port Displays the port number of the switchDevice Table Displays NDP status of the current portNtdp Summary Ntdp Summary Ntdp Hops Ntdp ConfigNtdp Interval Time Cluster Summary EnableCluster ¾ Cluster Config ¾ Global Config Cluster¾ Global Cluster ¾ Member Info11 Cluster Summary for Member Switch Switch¾ Role Change Cluster Config¾ Current Role 14 Cluster Configuration for Commander Switch 16 Cluster Configuration for Individual Switch Member Config¾ Create Member Cluster TopologyDevice Name Member MAC¾ Graphic Show 18 Collect TopologyApplication Example for Cluster Function On Cluster→NTDP→NTDP Config page, enable On Cluster→NDP→NDP Config page, enable NDP220 CPU Monitor MaintenanceSystem Monitor Memory Monitor 14.2 Log Log Table ContentTime ModuleLocal Log ¾ Local Log ConfigRemote Log Log BufferHost IP Backup Log¾ Log Host Device Diagnose ¾ Backup LogCable Test ¾ Cable TestSwitch is available ErrorLoopback LengthNetwork Diagnose ¾ Ping ConfigPing TestTracert ¾ Tracert ConfigConfigure the Hyper Terminal System Maintenance via FTPHardware Installation 232 5Port Settings Download Firmware via bootrom menuTP-LINK upgrade You can only use the port 1 to upgrade TP-LINK ifconfig ip 172.31.70.22 mask 255.255.255.0 gatewayTP-LINK start Start User Access Login Appendix a Specifications Configure TCP/IP component Appendix B Configuring the PCs238 Now Appendix C 802.1X Client Software Installation Guide241 242 Figure C-7 InstallShield Wizard Complete Uninstall SoftwareFigure C-10 Uninstall Complete Configuration245 Figure C-15 Connection Status FAQ Appendix D Glossary Group Attribute Registration Protocol Garp Multicast SwitchingIeee 802.1D Ieee 802.1QRemote Authentication Dial-in User Service Radius Port AuthenticationLink Aggregation Link Aggregation Control Protocol LacpSimple Network Time Protocol Sntp Simple Network Management Protocol SnmpSpanning Tree Algorithm STA Telnet