D-Link DGS-3120-24TC Product Manual - Page 258
Safeguard Engine Settings, IPv4 Address, IPv6 Address EI Mode, Net Mask, Access Interface, Delete All
View all D-Link DGS-3120-24TC manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 258 highlights
xStack® DGS-3120 Series Managed Switch Web UI Reference Guide Figure 8-63 Trusted Host window (EI Mode Only) When the user clicks the Edit button, one will be able to edit the service allowed to the selected host. The fields that can be configured are described below: Parameter Description IPv4 Address Enter an IPv4 address to add to the trusted host list. IPv6 Address (EI Mode Enter an IPv6 address to add to the trusted host list. Only) Net Mask Enter a Net Mask address to add to the trusted host list. Access Interface Tick the check boxes to select services that will be allowed to the trusted host. Click the Add button to add a new entry based on the information entered. Click the Delete All button to remove all the entries listed. Safeguard Engine Settings Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other methods. These attacks may increase the switch load beyond its capability. To alleviate this problem, the Safeguard Engine function was added to the Switch's software. The Safeguard Engine can help the overall operability of the Switch by minimizing the workload of the Switch while the attack is ongoing, thus making it capable to forward essential packets over its network in a limited bandwidth. The Safeguard Engine has two operating modes that can be configured by the user, Strict and Fuzzy. In Strict mode, when the Switch either (a) receives too many packets to process or (b) exerts too much memory, it will enter the Exhausted mode. When in this mode, the Switch will drop all ARP and IP broadcast packets and packets from un-trusted IP addresses for a calculated time interval. Every five seconds, the Safeguard Engine will check to see if there are too many packets flooding the Switch. If the threshold has been crossed, the Switch will initially stop all ingress ARP and IP broadcast packets and packets from un-trusted IP addresses for five seconds. After another five-second checking interval arrives, the Switch will again check the ingress flow of packets. If the flooding has 250