Manuals / Brands / Computer Equipment / Switch / ZyXEL Communications / Computer Equipment / Switch

ZyXEL Communications GS1510-16, GS1510-24 18.3.1 DHCP Snooping Overview, 18.3.1.1 Trusted vs. Untrusted Ports, 18.3.1.2DHCP Snooping Database

1 204

Download 204 pages, 3.26 Mb

Chapter 18 IP Source Guard

IP source guard consists of the following features:

•DHCP snooping. Use this to filter unauthorized DHCP packets on the network and to build the binding table dynamically.

•ARP inspection. Use this to filter unauthorized ARP packets on the network.

•Static bindings. Use this to create static bindings in the binding table.

If you want to use dynamic bindings to filter unauthorized ARP packets (typical implementation), you have to enable DHCP snooping before you enable ARP inspection.

18.3.1 DHCP Snooping Overview

Use DHCP snooping to filter unauthorized DHCP packets on the network and to build the binding table dynamically. This can prevent clients from getting IP addresses from unauthorized DHCP servers.

18.3.1.1 Trusted vs. Untrusted Ports

Every port is either a trusted port or an untrusted port for DHCP snooping. This setting is independent of the trusted/untrusted setting for ARP inspection.

Trusted ports are connected to DHCP servers or other switches. The Switch learns dynamic bindings from trusted ports.

Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.

Untrusted ports are connected to subscribers. The Switch discards DHCP packets from untrusted ports in the following situations:

•The packet is a DHCP server packet (for example, OFFER, ACK, or NACK).

•The source MAC address and source IP address in the packet do not match any of the current bindings.

•The packet is a RELEASE or DECLINE packet, and the source MAC address and source port do not match any of the current bindings.

•The rate at which DHCP packets arrive is too high.

18.3.1.2DHCP Snooping Database

The Switch stores the binding table in volatile memory. If the Switch restarts, it loads static bindings from permanent memory but loses the dynamic bindings, in which case the devices in the network have to send DHCP requests again.

104
104	GS1510 Series User’s Guide

Contents

Default Login Details Page About This User's Guide Customer Support Document Conventions Icons Used in Figures Safety Warnings Page Contents Overview Page Table of Contents Page Part III: Part IV: Security and Management Page Part VI: Appendices and Index PART Introduction and Hardware Overview Page Getting to Know Your Switch 1.1 Introduction 1.1.1 Backbone Application 1.1.2 Bridging Example 1.1.3 High Performance Switching Example 1.1.4 IEEE 802.1Q VLAN Application Examples 1.1.4.1 Tag-basedVLAN Example 1.2 Good Habits for Managing the Switch Hardware Installation and Connection 2.1 Freestanding Installation 2.2 Mounting the Switch on a Rack 2.2.1Rack-mountedInstallation Requirements 2.2.1.1Precautions 2.2.2Attaching the Mounting Brackets to the Switch 2.2.3Mounting the Switch on a Rack Page Hardware Overview 3.1 Front Panel 3.1.1 Ethernet Ports 3.1.1.1 Default Ethernet Settings 3.1.2Mini-GBICSlots 3.1.2.1 Transceiver Installation 3.1.2.2 Transceiver Removal 3.1.3The RESET Button 3.2 LEDs 3.3 Rear Panel 3.3.1 Power Connector Page Basic Settings Page The Web Configurator 4.1 Introduction 4.2 Device Auto Discovery Utility 4.3 System Login 4.3.1Smart Mode 4.3.1.1 IP Setting 4.3.1.2 EEE (Energy Efficient Ethernet) 4.3.1.3 Web Authentication 4.3.1.4 DHCP Snooping 4.3.1.5 STP (Spanning Tree Protocol) 4.3.2 The Advanced Main Screen 4.3.3 The Navigation Panel Page 4.3.4 Change Your Password 4.4 Saving Your Configuration 4.5 Switch Lockout 4.6Resetting the Switch 4.7 Logging Out of the Web Configurator System 5.1 System Screen Page General Settings 6.1What You Can Do 6.2System 6.3 Jumbo Frame 6.4 SNTP Page MAC Management 7.1 Overview 7.2What You Can Do 7.3What You Need to Know 7.4 Static MAC Settings 7.5 MAC Table Page Port Mirroring 8.1 Port Mirroring Settings Page Port Settings 9.1 Port Settings 9.1.1 Auto Negotiation 9.1.2 Flow Control Page Page Page ART Advanced Settings Page VLAN 10.1 Overview 10.2What You Can Do 10.3What You Need to Know 10.3.1 Introduction to IEEE 802.1Q Tagged VLANs 10.4 Port Isolation Page Page 10.5 VLAN Settings 10.6 Tag Settings 10.7 Port Settings Page EEE 11.1 Overview 11.1.1 EEE Screen Page IGMP Snooping 12.1 Overview 12.2What You Can Do 12.3What You Need to Know 12.3.1 IGMP Snooping and VLANs 12.4 General Settings 12.5 Port Settings Page Link Aggregation 13.1 Overview 13.2What You Can Do 13.3What You Need to Know 13.3.1 Dynamic Link Aggregation 13.4Static Trunk 13.5 LACP Page Loop Guard 14.1 Overview 14.2 What You Need to Know Page 14.3 Loop Guard Page QoS 15.1 Overview 15.2What You Can Do 15.3What You Need to Know 15.3.1 Queuing algorithms 15.4 Port Priority 15.5 IP DiffServ (DSCP) 15.5.1 Differentiated Services Code Point (DSCP) 15.6 Priority/Queue Mapping 15.7 Queuing Method Page Page Storm Control 16.0.1 Broadcast Storm Control Setup Page Spanning Tree Protocol 17.1 Overview 17.2What You Can DO 17.3What You Need to Know 17.3.1 STP Terminology 17.3.2 How STP Works 17.4 General Settings 17.5 STP Status Screen Page Page Security and Management Page IP Source Guard 18.1 Overview 18.2What You Can Do 18.3What You Need To Know 18.3.1 DHCP Snooping Overview 18.3.1.1 Trusted vs. Untrusted Ports 18.3.1.2DHCP Snooping Database 18.3.1.3 Configuring DHCP Snooping 18.3.2 ARP Inspection Overview 18.3.2.1 ARP Inspection and MAC Address Filters 18.3.2.2Trusted vs. Untrusted Ports 18.3.2.3Syslog 18.3.2.4 Configuring ARP Inspection 18.4 DHCP Snooping 18.5 Port Settings Page 18.6 ARP Inspection 18.6.1 Filter Table 18.7 Binding Table 18.7.1 Static Entry Settings Page 18.7.2 Binding Table Page Page 19.1 Overview 19.2What You Can Do 19.3 What You Need to Know 19.3.1 IEEE 802.1x Authentication 19.3.2 Local User Accounts 19.4 Global Settings Page 19.5 Port Settings Page Page Web Authentication 20.1 Overview 20.2What You Can Do 20.3What You Need to Know 20.3.1User Authentication Experience 20.4 Configuration 20.5 Customization Page Page Maintenance 21.1 Overview 21.2What You Can Do 21.3 Configuration 21.3.1 Backup Settings 21.3.2 Upgrade Configuration 21.3.3 Restore Factory Default Settings 21.4 Firmware 21.5 Reboot 21.6System Log 21.6.1 Syslog Page SNMP 22.1 Overview 22.2What You Can Do 22.3What You Need to Know 22.3.1 About SNMP Page 22.3.2 Supported MIBs 22.3.3SNMP Traps 22.4 SNMP Settings 22.5 Community Name Page 22.6 Trap Receiver Page Page User Account 23.1 Overview 23.2User Account Screen Page Troubleshooting & Product Specifications Page Troubleshooting 24.1Power, Hardware Connections, and LEDs 24.2Switch Access and Login Page Page Product Specifications 25.1 General Switch Specifications Page Page Page Page Page Appendices and Index Page Device Auto Discovery Installing the Software Page Page Page Using the Software Page IP Addresses and Subnetting Introduction to IP Addresses Structure Subnet Masks Network Size Notation Subnetting Page Example: Four Subnets Page Example: Eight Subnets Subnet Planning Configuring IP Addresses Private IP Addresses Legal Information Copyright Certifications FCC Warning CE Mark Warning: Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Notices ZyXEL Limited Warranty Page Open Software Announcements End-UserLicense Agreement for “GS1510-16/GS1510-24” Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Index