Home » Dell Manuals » Hubs & Switches » Dell PowerConnect 5548 » Manual Viewer

Dell PowerConnect 5548 User Guide - Page 552

Dynamic ARP Inspection Overview

View all Dell PowerConnect 5548 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 552 highlights

Dynamic ARP Inspection Overview ARP Inspection eliminates man-in-the-middle attacks, where false ARP packets are inserted into the subnet. ARP requests and responses are inspected, and their MAC-address-to-IP-address binding is checked according to the ARP Inspection List defined by the user (in the Dynamic ARP Inspection List and Dynamic ARP Inspection Entries pages). If the packet's IP address was not found in the ARP Inspection List, and DHCP Snooping is enabled for a VLAN, a search of the DHCP Snooping database is performed. See "How DHCP Snooping Works" on page 564 for an explanation of the DHCP Snooping database. If the IP address is found the packet is valid, and is forwarded. Packets with invalid ARP Inspection bindings are logged and dropped. Ports are classified as follows: • Trusted - Packets are not inspected. • Untrusted -Packets are inspected as described above. The following additional validation checks may be configured by the user: • Source MAC - Compares the packet's source MAC address in the Ethernet header against the sender's MAC address in the ARP request. This check is performed on both ARP requests and responses. • Destination MAC - Compares the packet's destination MAC address in the Ethernet header against the destination interface's MAC address. This check is performed for ARP responses. • IP Addresses - Compares the ARP body for invalid and unexpected IP addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses. 552 Dell PowerConnect 55xx Systems User Guide

Section	Page
System User Guide	1
Table of Contents	3
Preface	13
Features	14
IP Version 6 (IPv6) Support	15
Stack Support	15
Power over Ethernet	15
Green Ethernet	16
Head of Line Blocking Prevention	16
Flow Control Support (IEEE 802.3X)	16
Back Pressure Support	16
Virtual Cable Testing (VCT)	17
Auto-Negotiation	17
MDI/MDIX Support	17
MAC Address Supported Features	17
MAC Address Capacity Support	17
Static MAC Entries	18
Self-Learning MAC Addresses	18
Automatic Aging for MAC Addresses	18
VLAN-Aware MAC-Based Switching	18
MAC Multicast Support	18
Layer 2 Features	19
IGMP Snooping	19
Port Mirroring	19
Broadcast Storm Control	19
VLAN Supported Features	20
VLAN Support	20
Port-Based Virtual LANs (VLANs)	20
Full 802.1Q VLAN Tagging Compliance	20
GVRP Support	20
Voice VLAN	20
Guest VLAN	21
Private VLAN	21
Multicast TV VLAN	21
Spanning Tree Protocol Features	21
Spanning Tree Protocol (STP)	21
Fast Link	22
IEEE 802.1w Rapid Spanning Tree	22
IEEE 802.1s Multiple Spanning Tree	22
STP BPDU Guard	22
Link Aggregation	23
Link Aggregation and LACP	23
BootP and DHCP Clients	23
Quality of Service Features	23
Class of Service 802.1p Support	23
Advanced QoS	24
TCP Congestion Avoidance	24
Device Management Features	24
SNMP Alarms and Trap Logs	24
SNMP Versions 1, 2, and 3	25
Web-Based Management	25
Management IP Address Conflict Notification	25
Flow Monitoring (sflow)	25
Configuration File Download and Upload	25
Auto-Update of Configuration/Image File	26
TFTP Trivial File Transfer Protocol	26
USB File Transfer Protocol	26
Remote Monitoring	26
Command Line Interface	26
Syslog	26
SNTP	27
Domain Name System	27
802.1ab (LLDP-MED)	27
Security Features	28
SSL	28
Port-Based Authentication (Dot1x)	28
Locked Port Support	28
RADIUS Client	28
RADIUS Accounting	28
SSH	29
TACACS+	29
Password Management	29
Access Control Lists (ACL)	30
Dynamic ACL/Dynamic Policy Assignment (DACL/DPA)	30
DHCP Snooping	30
ARP Inspection	30
Port Profile (CLI Macro)	30
DHCP Server	31
Protected Ports	31
iSCSI Optimization	31
Proprietary Protocol Filtering	31
DHCP Relay and Option 82	31
Identifying a Switch via LED	32
Hardware Description	33
Device Models	34
Device Structure	34
Front Panel	35
Buttons and LEDs	36
Back Panel	37
Ventilation System	38
LED Definitions	38
System LEDs	38
Port LEDs	40
Power Supplies	42
Stacking Overview	43
Stack Overview	44
Stack Operation Modes	44
Stacking Units	45
Stack Topology	47
Stack Members and Unit IDs	47
Adding a Unit to the Stack	48
Assigning Unit IDs	48
Selecting the Master and Master Backup Units	49
Switching from the Master to the Master Backup	51
Replacing Stacking Members	51
Loading Software onto Stack Members	52
Rebooting the Stack	52
Managing Configuration Files on the Stack	52
Configuring the Switch	54
Configuration Work Flow	55
Connecting the Switch to the Terminal	56
Booting the Switch	57
Configuring the Stack	58
Configuration Using the Setup Wizard	58
Advanced Switch Configuration	63
Using the CLI	64
Command Mode Overview	64
Accessing the Device Through the CLI	67
Direct Connection	67
Telnet Connection	67
Retrieving an IP Address	68
Receiving an IP Address from a DHCP Server	68
Receiving an IP Address From a BOOTP Server	69
Security Management and Password Configuration	71
Configuring an Initial Terminal Password	72
Configuring an Initial Telnet Password	72
Configuring an Initial SSH Password	73
Configuring an Initial HTTP Password	73
Configuring an Initial HTTPS Password	73
Configuring Login Banners	74
Startup Menu Procedures	76
Download Software - Option[1]	76
Erase FLASH File - Option[2]	77
Password Recovery - Option[3]	78
Set Terminal Baud-Rate - Option[4]	78
Stack Menu - Option[5]	78
Software Download	79
Software Auto Synch in Stack	79
System Image Download	79
Boot Image Download	81
Using Dell OpenManage Administrator	83
Starting the Application	84
Understanding the Interface	84
Device Representation	85
Port Representation	85
Using the Switch Administrator Buttons	87
Information Buttons	87
Device Management Icons	87
Field Definitions	89
Common GUI Features	89
GUI Terms	90
CLI Commands	90
Network Security	92
Port Security	93
ACLs	98
ACL Overview	98
MAC-Based ACLs	99
MAC-Based ACEs	101
IPv4-Based ACLs	104
IPv4-Based ACEs	105
IPv6-Based ACLs	112
IPv6-Based ACEs	113
ACL Binding	118
Proprietary Protocol Filtering	120
Time Range	122
Absolute Time Range	123
Time Range Recurrence	124
Dot1x Authentication	127
Port-Based Authentication Overview	127
Dot1x Overview	128
Port-Based Authentication Global	132
Port-Based Authentication Interface Settings	135
Monitoring Users	141
Host Authentication	144
Port Authentication Users	147
Configuring System Information	150
General Switch Information	151
Asset Information	151
System Health	154
Power over Ethernet	157
Time Synchronization	162
Manual Time Settings	162
System Time from an SNTP Server	170
Logs	188
System Log Overview	188
Global Parameters	189
RAM Log	193
Log File (in Flash)	195
Login History	196
Remote Log Server	199
IP Addressing	202
IP Addressing Overview	202
IPv4 Interface Parameters	203
DHCP IPv4 Interface	207
IPv4 Static Routing	210
IPv6 Interfaces	214
IPv6 Default Gateway	219
ISATAP Tunnel	222
IPv6 Neighbors	228
IPv6 Routes Table	232
Domain Name System	235
Default Domain Names	238
Host Name Mapping	240
ARP	242
UDP Relay	245
Diagnostics	248
Integrated Cable Test	249
Optical Transceiver Diagnostics	251
Management Security	254
Access Profiles	254
Profile Rules	259
Authentication Profiles	262
Select Authentication	265
Active Users	268
Local User Database	270
Line Passwords	272
Enable Password	274
TACACS+	275
Password Management	279
RADIUS	284
DHCP Server	290
DHCP Server Overview	290
DHCP Server Properties	291
Network Pool	294
Excluded Addresses	299
Static Hosts	301
Address Binding	305
SNMP	307
SNMP Overview	307
SNMP Global Settings	309
SNMP Views	312
SNMP Access Control (Groups)	315
SNMP User Security Model (Users)	317
SNMP Communities	320
SNMP Notification Filters	323
SNMP Notification Recipients	326
File Management	330
File Management Overview	330
Auto-Update/Configuration Feature	331
2. (Optional) Create a line in the setup file for this device containing the required options and load it on the USB key.	336
3. Load configuration/image files on the USB key as required.	336
4. Insert the USB key in the USB drive and reboot the device.	336
2. Find the line in the setup file relevant to the device—When the correct setup file is found, it is searched for a line relevant to the device, as follows:	337
3. Apply the correct line—When the correct line in the setup file is found, it is applied, as follows:	337
4. Mark the flag in the applied line—When the line is applied (successfully or not), its flag is set, as follows:	337
File Download	344
File Upload	349
Active Images	354
Copy Files	355
File System	359
Stack Management	361
Stack Management Overview	361
Stack Unit ID	361
Versions	364
Reset	365
Unit Identification (Location)	367
sFlow	369
sFlow Overview	369
Workflow	370
sFlow Receiver Settings	371
sFlow Interface Settings	374
sFlow Statistics	376
Ports	378
Overview	379
Auto-Negotiation	379
MDI/MDIX	379
Flow Control	380
Back Pressure	380
Port Default Settings	380
Jumbo Frames	382
Green Ethernet Configuration	384
Green Ethernet Configuration	385
Protected Ports	388
Protected Port Overview	388
Protected Port Restrictions	388
Protected Port Configuration	389
Port Profile	391
Sample CLI Scripts	395
Port Configuration	397
LAG Configuration	403
Storm Control	408
Port Mirroring	411
Address Tables	416
Overview	417
Static Addresses	418
Dynamic Addresses	421
GARP	424
GARP Overview	425
GARP Timers	426
Spanning Tree	428
Spanning Tree Protocol Overview	429
Global Settings	431
STP Port Settings	436
STP LAG Settings	441
Rapid Spanning Tree	444
Multiple Spanning Tree	448
MSTP Overview	449
MSTP Properties	449
VLAN to MSTP Instance	452
MSTP Instance Settings	454
MSTP Interface Settings	456
VLANs	459
Virtual LAN Overview	460
Frame Flow	461
Special-case VLANs	461
QinQ Tagging	462
Port Modes	462
Acceptable Frame Type	464
VLAN Membership	465
Port Settings	468
LAGs Settings	474
Protocol Groups	477
Defining Protocol Groups	478
Protocol Port	481
GVRP Parameters	483
Private VLAN	487
The PVLAN entity is implemented by allocating the following VLANs per PVLAN:	487
Voice VLAN	491
Properties	492
Port Setting	495
OUI	497
Link Aggregation	500
Link Aggregation Overview	501
LACP Parameters	503
LAG Membership	506
Multicast	508
Multicast Support Overview	509
Layer 2 Switching	509
IGMP	510
Global Parameters	511
Bridge Multicast Groups	513
Bridge Multicast Forward All	517
IGMP Snooping	519
Unregistered Multicast	525
Multicast TV VLAN	527
Multicast TV VLAN Overview	527
Multicast TV VLAN Membership	528
Multicast TV VLAN Mapping	529
LLDP	531
LLDP Overview	532
LLDP Properties	533
LLDP Port Settings	537
MED Network Policy	540
LLDP MED Port Settings	543
Neighbors Information	548
Dynamic ARP Inspection	551
Dynamic ARP Inspection Overview	552
Global Settings	553
Dynamic ARP Inspection List	555
Dynamic ARP Inspection Entries	557
VLAN Settings	559
Trusted Interfaces	561
DHCP Snooping	563
DHCP Snooping	564
DHCP Snooping Overview	564
Global Parameters	566
VLAN Settings	570
Trusted Interfaces	572
Snooping Binding Database	573
DHCP Relay	577
DHCP Relay Overview	577
Option 82	579
Configuring Option 82 Using CLI Commands	580
Global Settings	580
Defining Global Parameters Using CLI Commands	581
Interface Settings	582
Defining Interface Settings Using CLI Commands	583
iSCSI Optimization	584
Optimizing iSCSI Overview	585
Optimizing iSCSI	585
Limitations	586
Global Parameters	588
Defining iSCSI Global Parameters Using CLI Commands	589
iSCSI Targets	591
Defining iSCSI Targets Using CLI Commands	592
iSCSI Sessions	593
Configuring iSCSI Using CLI	595
Statistics/RMON	596
Table Views	597
Denied ACEs Counters	598
Utilization Summary	600
Counter Summary	602
Interface Statistics	604
Etherlike Statistics	606
GVRP Statistics	609
EAP Statistics	612
RMON Components	615
Statistics	616
History Control	619
History Table	621
Events Control	624
Events Log	627
Alarms	628
Charts	633
Ports	633
LAGs	635
CPU Utilization	638
Viewing CPU Utilization Using CLI Commands	639
Quality of Service	640
QoS Features and Components	641
QoS Modes	641
General	643
QoS Mode	643
QoS Properties	645
Queue	646
Mapping to Queue	649
Bandwidth	654
TCP Congestion Avoidance	657
QoS Basic Mode	659
Basic Mode Overview	659
Workflow to Configure Basic Mode	659
Global Settings	660
DSCP Rewrite	662
Interface Settings	664
Configuring QoS Basic Mode Using CLI Commands	666
QoS Advanced Mode	668
Advanced Mode Overview	668
Workflow to Configure Advanced QoS Mode	669
DSCP Mapping	670
Class Mapping	672
QoS Policers	675
Policy Binding	686
QoS Statistics	688
Policer Statistics	689
Aggregated Policer	691
Queues Statistics	692
Glossary	695
Index	710