Manuals / Brands / Computer Equipment / Switch / ZyXEL Communications / Computer Equipment / Switch

ZyXEL Communications GS1510-16, GS1510-24 18.3.2 ARP Inspection Overview, 18.3.1.3 Configuring DHCP Snooping, 18.3.2.1 ARP Inspection and MAC Address Filters

1 204

Download 204 pages, 3.26 Mb

Chapter 18 IP Source Guard

18.3.1.3 Configuring DHCP Snooping

Follow these steps to configure DHCP snooping on the Switch.

1Enable DHCP snooping on the Switch.

2Enable DHCP snooping on each VLAN.

3Configure trusted and untrusted ports.

4Configure static bindings.

18.3.2 ARP Inspection Overview

Use ARP inspection to filter unauthorized ARP packets on the network. This can prevent many kinds of man-in-the-middle attacks, such as the one in the following example.

Figure 54 Example: Man-in-the-middle Attack

AB

X

In this example, computer B tries to establish a connection with computer A. Computer X is in the same broadcast domain as computer A and intercepts the ARP request for computer A. Then, computer X does the following things:

•It pretends to be computer A and responds to computer B.

•It pretends to be computer B and sends a message to computer A.

As a result, all the communication between computer A and computer B passes through computer X. Computer X can read and alter the information passed between them.

18.3.2.1 ARP Inspection and MAC Address Filters

When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet. You can configure how long the MAC address filter remains in the Switch.

	105
GS1510 Series User’s Guide	105

Contents

Default Login Details Page About This User's Guide Customer Support Document Conventions Icons Used in Figures Safety Warnings Page Contents Overview Page Table of Contents Page Part III: Part IV: Security and Management Page Part VI: Appendices and Index PART Introduction and Hardware Overview Page Getting to Know Your Switch 1.1 Introduction 1.1.1 Backbone Application 1.1.2 Bridging Example 1.1.3 High Performance Switching Example 1.1.4 IEEE 802.1Q VLAN Application Examples 1.1.4.1 Tag-basedVLAN Example 1.2 Good Habits for Managing the Switch Hardware Installation and Connection 2.1 Freestanding Installation 2.2 Mounting the Switch on a Rack 2.2.1Rack-mountedInstallation Requirements 2.2.1.1Precautions 2.2.2Attaching the Mounting Brackets to the Switch 2.2.3Mounting the Switch on a Rack Page Hardware Overview 3.1 Front Panel 3.1.1 Ethernet Ports 3.1.1.1 Default Ethernet Settings 3.1.2Mini-GBICSlots 3.1.2.1 Transceiver Installation 3.1.2.2 Transceiver Removal 3.1.3The RESET Button 3.2 LEDs 3.3 Rear Panel 3.3.1 Power Connector Page Basic Settings Page The Web Configurator 4.1 Introduction 4.2 Device Auto Discovery Utility 4.3 System Login 4.3.1Smart Mode 4.3.1.1 IP Setting 4.3.1.2 EEE (Energy Efficient Ethernet) 4.3.1.3 Web Authentication 4.3.1.4 DHCP Snooping 4.3.1.5 STP (Spanning Tree Protocol) 4.3.2 The Advanced Main Screen 4.3.3 The Navigation Panel Page 4.3.4 Change Your Password 4.4 Saving Your Configuration 4.5 Switch Lockout 4.6Resetting the Switch 4.7 Logging Out of the Web Configurator System 5.1 System Screen Page General Settings 6.1What You Can Do 6.2System 6.3 Jumbo Frame 6.4 SNTP Page MAC Management 7.1 Overview 7.2What You Can Do 7.3What You Need to Know 7.4 Static MAC Settings 7.5 MAC Table Page Port Mirroring 8.1 Port Mirroring Settings Page Port Settings 9.1 Port Settings 9.1.1 Auto Negotiation 9.1.2 Flow Control Page Page Page ART Advanced Settings Page VLAN 10.1 Overview 10.2What You Can Do 10.3What You Need to Know 10.3.1 Introduction to IEEE 802.1Q Tagged VLANs 10.4 Port Isolation Page Page 10.5 VLAN Settings 10.6 Tag Settings 10.7 Port Settings Page EEE 11.1 Overview 11.1.1 EEE Screen Page IGMP Snooping 12.1 Overview 12.2What You Can Do 12.3What You Need to Know 12.3.1 IGMP Snooping and VLANs 12.4 General Settings 12.5 Port Settings Page Link Aggregation 13.1 Overview 13.2What You Can Do 13.3What You Need to Know 13.3.1 Dynamic Link Aggregation 13.4Static Trunk 13.5 LACP Page Loop Guard 14.1 Overview 14.2 What You Need to Know Page 14.3 Loop Guard Page QoS 15.1 Overview 15.2What You Can Do 15.3What You Need to Know 15.3.1 Queuing algorithms 15.4 Port Priority 15.5 IP DiffServ (DSCP) 15.5.1 Differentiated Services Code Point (DSCP) 15.6 Priority/Queue Mapping 15.7 Queuing Method Page Page Storm Control 16.0.1 Broadcast Storm Control Setup Page Spanning Tree Protocol 17.1 Overview 17.2What You Can DO 17.3What You Need to Know 17.3.1 STP Terminology 17.3.2 How STP Works 17.4 General Settings 17.5 STP Status Screen Page Page Security and Management Page IP Source Guard 18.1 Overview 18.2What You Can Do 18.3What You Need To Know 18.3.1 DHCP Snooping Overview 18.3.1.1 Trusted vs. Untrusted Ports 18.3.1.2DHCP Snooping Database 18.3.1.3 Configuring DHCP Snooping 18.3.2 ARP Inspection Overview 18.3.2.1 ARP Inspection and MAC Address Filters 18.3.2.2Trusted vs. Untrusted Ports 18.3.2.3Syslog 18.3.2.4 Configuring ARP Inspection 18.4 DHCP Snooping 18.5 Port Settings Page 18.6 ARP Inspection 18.6.1 Filter Table 18.7 Binding Table 18.7.1 Static Entry Settings Page 18.7.2 Binding Table Page Page 19.1 Overview 19.2What You Can Do 19.3 What You Need to Know 19.3.1 IEEE 802.1x Authentication 19.3.2 Local User Accounts 19.4 Global Settings Page 19.5 Port Settings Page Page Web Authentication 20.1 Overview 20.2What You Can Do 20.3What You Need to Know 20.3.1User Authentication Experience 20.4 Configuration 20.5 Customization Page Page Maintenance 21.1 Overview 21.2What You Can Do 21.3 Configuration 21.3.1 Backup Settings 21.3.2 Upgrade Configuration 21.3.3 Restore Factory Default Settings 21.4 Firmware 21.5 Reboot 21.6System Log 21.6.1 Syslog Page SNMP 22.1 Overview 22.2What You Can Do 22.3What You Need to Know 22.3.1 About SNMP Page 22.3.2 Supported MIBs 22.3.3SNMP Traps 22.4 SNMP Settings 22.5 Community Name Page 22.6 Trap Receiver Page Page User Account 23.1 Overview 23.2User Account Screen Page Troubleshooting & Product Specifications Page Troubleshooting 24.1Power, Hardware Connections, and LEDs 24.2Switch Access and Login Page Page Product Specifications 25.1 General Switch Specifications Page Page Page Page Page Appendices and Index Page Device Auto Discovery Installing the Software Page Page Page Using the Software Page IP Addresses and Subnetting Introduction to IP Addresses Structure Subnet Masks Network Size Notation Subnetting Page Example: Four Subnets Page Example: Eight Subnets Subnet Planning Configuring IP Addresses Private IP Addresses Legal Information Copyright Certifications FCC Warning CE Mark Warning: Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Notices ZyXEL Limited Warranty Page Open Software Announcements End-UserLicense Agreement for “GS1510-16/GS1510-24” Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Index