Manuals / Brands / Computer Equipment / Switch / ZyXEL Communications / Computer Equipment / Switch

ZyXEL Communications GS1510-16, GS1510-24 IP Source Guard, 18.1 Overview, 18.2What You Can Do, 18.3What You Need To Know

1 204

Download 204 pages, 3.26 Mb

18

IP Source Guard

18.1 Overview

Use the IP source guard screens to filter unauthorized DHCP and ARP packets in your network. IP source guard uses a binding table to distinguish between the authorized and unauthorized DHCP and ARP packets in your network.

18.2What You Can Do

•Use the DHCP Snooping screens (Section 18.4 on page 107) to filter unauthorized DHCP packets on the network and to build the binding table dynamically.

•Use the ARP Inspection screens (Section 18.6 on page 110) to filter unauthorized ARP packets on the network.

•Use the Binding Table screens (Section 18.7 on page 112) to manually enter static bindings and to convert dynamic bindings to static.

18.3What You Need To Know

A binding in the IP source guard binding table contains these key attributes:

•MAC address

•VLAN ID

•IP address

•Port number

When the Switch receives an ARP packet, it looks up the appropriate MAC address, VLAN ID, IP address, and port number in the binding table. If there is a binding, the Switch forwards the packet. If there is not a binding, the Switch discards the packet.

The Switch builds the binding table by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings).

	103
GS1510 Series User’s Guide	103

Contents

Default Login Details Page About This User's Guide Customer Support Document Conventions Icons Used in Figures Safety Warnings Page Contents Overview Page Table of Contents Page Part III: Part IV: Security and Management Page Part VI: Appendices and Index PART Introduction and Hardware Overview Page Getting to Know Your Switch 1.1 Introduction 1.1.1 Backbone Application 1.1.2 Bridging Example 1.1.3 High Performance Switching Example 1.1.4 IEEE 802.1Q VLAN Application Examples 1.1.4.1 Tag-basedVLAN Example 1.2 Good Habits for Managing the Switch Hardware Installation and Connection 2.1 Freestanding Installation 2.2 Mounting the Switch on a Rack 2.2.1Rack-mountedInstallation Requirements 2.2.1.1Precautions 2.2.2Attaching the Mounting Brackets to the Switch 2.2.3Mounting the Switch on a Rack Page Hardware Overview 3.1 Front Panel 3.1.1 Ethernet Ports 3.1.1.1 Default Ethernet Settings 3.1.2Mini-GBICSlots 3.1.2.1 Transceiver Installation 3.1.2.2 Transceiver Removal 3.1.3The RESET Button 3.2 LEDs 3.3 Rear Panel 3.3.1 Power Connector Page Basic Settings Page The Web Configurator 4.1 Introduction 4.2 Device Auto Discovery Utility 4.3 System Login 4.3.1Smart Mode 4.3.1.1 IP Setting 4.3.1.2 EEE (Energy Efficient Ethernet) 4.3.1.3 Web Authentication 4.3.1.4 DHCP Snooping 4.3.1.5 STP (Spanning Tree Protocol) 4.3.2 The Advanced Main Screen 4.3.3 The Navigation Panel Page 4.3.4 Change Your Password 4.4 Saving Your Configuration 4.5 Switch Lockout 4.6Resetting the Switch 4.7 Logging Out of the Web Configurator System 5.1 System Screen Page General Settings 6.1What You Can Do 6.2System 6.3 Jumbo Frame 6.4 SNTP Page MAC Management 7.1 Overview 7.2What You Can Do 7.3What You Need to Know 7.4 Static MAC Settings 7.5 MAC Table Page Port Mirroring 8.1 Port Mirroring Settings Page Port Settings 9.1 Port Settings 9.1.1 Auto Negotiation 9.1.2 Flow Control Page Page Page ART Advanced Settings Page VLAN 10.1 Overview 10.2What You Can Do 10.3What You Need to Know 10.3.1 Introduction to IEEE 802.1Q Tagged VLANs 10.4 Port Isolation Page Page 10.5 VLAN Settings 10.6 Tag Settings 10.7 Port Settings Page EEE 11.1 Overview 11.1.1 EEE Screen Page IGMP Snooping 12.1 Overview 12.2What You Can Do 12.3What You Need to Know 12.3.1 IGMP Snooping and VLANs 12.4 General Settings 12.5 Port Settings Page Link Aggregation 13.1 Overview 13.2What You Can Do 13.3What You Need to Know 13.3.1 Dynamic Link Aggregation 13.4Static Trunk 13.5 LACP Page Loop Guard 14.1 Overview 14.2 What You Need to Know Page 14.3 Loop Guard Page QoS 15.1 Overview 15.2What You Can Do 15.3What You Need to Know 15.3.1 Queuing algorithms 15.4 Port Priority 15.5 IP DiffServ (DSCP) 15.5.1 Differentiated Services Code Point (DSCP) 15.6 Priority/Queue Mapping 15.7 Queuing Method Page Page Storm Control 16.0.1 Broadcast Storm Control Setup Page Spanning Tree Protocol 17.1 Overview 17.2What You Can DO 17.3What You Need to Know 17.3.1 STP Terminology 17.3.2 How STP Works 17.4 General Settings 17.5 STP Status Screen Page Page Security and Management Page IP Source Guard 18.1 Overview 18.2What You Can Do 18.3What You Need To Know 18.3.1 DHCP Snooping Overview 18.3.1.1 Trusted vs. Untrusted Ports 18.3.1.2DHCP Snooping Database 18.3.1.3 Configuring DHCP Snooping 18.3.2 ARP Inspection Overview 18.3.2.1 ARP Inspection and MAC Address Filters 18.3.2.2Trusted vs. Untrusted Ports 18.3.2.3Syslog 18.3.2.4 Configuring ARP Inspection 18.4 DHCP Snooping 18.5 Port Settings Page 18.6 ARP Inspection 18.6.1 Filter Table 18.7 Binding Table 18.7.1 Static Entry Settings Page 18.7.2 Binding Table Page Page 19.1 Overview 19.2What You Can Do 19.3 What You Need to Know 19.3.1 IEEE 802.1x Authentication 19.3.2 Local User Accounts 19.4 Global Settings Page 19.5 Port Settings Page Page Web Authentication 20.1 Overview 20.2What You Can Do 20.3What You Need to Know 20.3.1User Authentication Experience 20.4 Configuration 20.5 Customization Page Page Maintenance 21.1 Overview 21.2What You Can Do 21.3 Configuration 21.3.1 Backup Settings 21.3.2 Upgrade Configuration 21.3.3 Restore Factory Default Settings 21.4 Firmware 21.5 Reboot 21.6System Log 21.6.1 Syslog Page SNMP 22.1 Overview 22.2What You Can Do 22.3What You Need to Know 22.3.1 About SNMP Page 22.3.2 Supported MIBs 22.3.3SNMP Traps 22.4 SNMP Settings 22.5 Community Name Page 22.6 Trap Receiver Page Page User Account 23.1 Overview 23.2User Account Screen Page Troubleshooting & Product Specifications Page Troubleshooting 24.1Power, Hardware Connections, and LEDs 24.2Switch Access and Login Page Page Product Specifications 25.1 General Switch Specifications Page Page Page Page Page Appendices and Index Page Device Auto Discovery Installing the Software Page Page Page Using the Software Page IP Addresses and Subnetting Introduction to IP Addresses Structure Subnet Masks Network Size Notation Subnetting Page Example: Four Subnets Page Example: Eight Subnets Subnet Planning Configuring IP Addresses Private IP Addresses Legal Information Copyright Certifications FCC Warning CE Mark Warning: Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Notices ZyXEL Limited Warranty Page Open Software Announcements End-UserLicense Agreement for “GS1510-16/GS1510-24” Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Index