Home » Linksys Manuals » Hubs & Switches » Linksys SGE2000 » Manual Viewer

Linksys SGE2000 Cisco Small Business SFE/SGE2xxx Series Managed Switches Admin - Page 150

Defining Dynamic ARP Inspection, Dynamic Address Resolution Protocol, Source MAC, Destination MAC

UPC - 745883572120

View all Linksys SGE2000 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 150 highlights

Configuring Device Security Defining Dynamic ARP Inspection - Resource Problem - Indicates that the TCAM is full. STEP 4 Click Apply. The device is updated. 4 Defining Dynamic ARP Inspection Dynamic Address Resolution Protocol (ARP) is a TCP/IP protocol for translating IP addresses into MAC addresses. Classic ARP does the following: • Permits two hosts on the same network to communicates and send packets. • Permits two hosts on different packets to communicate via a gateway. • Permits routers to send packets via a host to a different router on the same network. • Permits routers to send packets to a destination host via a local host. ARP Inspection intercepts, discards, and logs ARP packets that contain invalid IPto-MAC address bindings. This eliminates man-in-the-middle attacks, where false ARP packets are inserted into the subnet. Packets are classified as: • Trusted - Indicates that the interface IP and MAC address are recognized, and recorded in the ARP Inspection List. Trusted packets are forward without ARP Inspection. • Untrusted - Indicates that the packet arrived from an interface that does not have a recognized IP and MAC addresses. The packet is checked for: - Source MAC - Compares the packet's source MAC address in the Ethernet header against the sender's MAC address in the ARP request. This check is performed on both ARP requests and responses. - Destination MAC - Compares the packet's destination MAC address in the Ethernet header against the destination interface's MAC address. This check is performed for ARP responses. - IP Addresses - Checks the ARP body for invalid and unexpected IP addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses. If the packet's IP address was not found in the ARP Inspection List, and DHCP snooping is enabled for a VLAN, a search of the DHCP Snooping Database is performed. If the IP address is found, the packet is valid and is forwarded. Cisco Small Business SFE/SGE Managed Switches Administration Guide 141

Section	Page
Cisco Small Business	1
ADMINISTRATION GUIDE	1
Contents	3
Getting Started	10
Starting the Application	10
Understanding the Interface	12
Using the Cisco Management Buttons	14
Using Screen and Table Options	14
Adding Device Information	14
Modifying Device Information	15
Deleting Device Information	16
Logging Off of the Device	16
The About Page	16
Managing Device Information	18
Defining System Information	18
Managing Stacking	20
Understanding Switch Operating Modes	20
Stand-alone Mode	21
Stack Mode	21
Configuring a Stack	21
Stack Membership	23
Defining Stacking Unit ID	24
Master-enabled Units and Force Master	24
Stacking Member Unit IDs	24
Factory Default Units	25
Unit ID Validity Rules	25
Automatic Unit ID Assignment	25
Manual Unit ID Assignment	25
Unit ID Conflict Resolution	26
Master Election	28
Master Election Candidate Eligibility	28
Master Election Selection Rules	28
Master Election Backup Unit Selection Rules	29
Recommended Procedures for Building a Stack	29
Adding, Replacing and Removing Stacking Members - Examples	30
Managing Stacks	32
Viewing Device Health	34
Resetting the Device	35
Defining Bonjour	36
Disabling Bonjour	38
TCAM Utilization	39
Configuring System Time	42
Defining System Time	42
Defining SNTP Settings	45
Defining SNTP Authentication	48
Configuring Device Security	50
Passwords Management	50
Modifying the Local User Settings	52
Defining Authentication	53
Defining Profiles	53
Modifying an Authentication Profile	56
Mapping Authentication Profiles	57
Defining TACACS+	59
Modifying TACACS+ Settings	62
Defining RADIUS	64
Modifying RADIUS Server Settings	68
Defining Access Methods	69
Defining Access Profiles	70
Defining Profile Rules	74
Adding Profile Rules	76
Modifying Profile Rules	79
Defining Traffic Control	81
Defining Storm Control	82
Modifying Storm Control	83
Defining Port Security	85
Modifying Port Security	88
Defining 802.1X	89
Defining 802.1X Properties	90
Defining Port Authentication	91
Modifying 8021X Security	94
Defining Authentication	96
Modifying Authentication Settings	98
Defining Authenticated Hosts	100
Defining Access Control	101
Defining MAC Based ACL	101
Adding Rule to MAC Based ACL	105
Modifying MAC Based ACL	107
Defining IP Based ACL	109
Modifying IP Based ACL	115
Defining Rules Associated with IP-ACL	117
Defining IPv6 Based ACLs	121
Modifying IPv6 Based ACL	128
Defining ACL Binding	130
Modifying ACL Binding	131
Defining DoS Prevention	132
DoS Global Settings	132
Defining Martian Addresses	134
Defining DHCP Snooping	136
Defining DHCP Snooping Properties	137
Defining DHCP Snooping on VLANs	138
Defining Trusted Interfaces	139
Trusted Interface Table	140
Binding Addresses to the DHCP Snooping Database	141
Query By	142
Query Results	143
Defining IP Source Guard	144
Configuring IP Source Guard Properties	144
Defining IP Source Guard Interface Settings	145
Querying the IP Source Binding Database	147
TCAM Resources	148
Query By	148
Query Results	149
Defining Dynamic ARP Inspection	150
Defining ARP Inspection Properties	151
Defining ARP Inspection Trusted Interfaces	153
Defining ARP Inspection List	155
Static ARP Table	156
Assigning ARP Inspection VLAN Settings	157
Enabled VLAN Table	158
Configuring Ports	160
Configuring Ports Settings for Layer 2 Enabled Devices	160
Modifying Port Settings	162
Configuring Ports Settings for Layer 3 Enabled Devices	166
Modifying Port Settings	168
Configuring VLANs	172
Defining VLAN Properties	173
Modifying VLANs	175
Defining VLAN Membership	176
Modifying VLAN Membership	178
Assigning Ports to Multiple VLANs	179
Defining GVRP Settings	182
Modifying GVRP Settings	183
Defining VLAN Interface Settings	185
Modifying VLAN Interface Settings	187
Defining Customer VLANs Using QinQ	189
Defining Multicast TV VLAN	190
Defining CPE VLAN Mapping	192
Defining Protocol Groups	193
Modifying Protocol Groups	195
Defining a Protocol Port	196
Configuring IP Information	199
IP Addressing	199
Managing IPv6	199
Defining IPv6 Interface	200
Defining Default Gateway	203
Configuring ISATAP Tunnels	206
Viewing IPv6 Neighbors Information	208
Viewing IPv6 Routes Table	212
Layer 2 IP Addressing	213
Layer 3 IP Addressing	213
Defining IPv4 Interface (Layer 2)	214
Defining IPv4 Interface (Layer 3)	215
Modifying IP Interface Settings	217
Enabling ARP Proxy (Layer 3)	218
Defining UDP Relay (Layer 3)	219
Defining DHCP Relay (Layer 2)	221
Defining DHCP Relay Interfaces	223
Defining DHCP Relay (Layer 3)	225
ARP	227
ARP Table	228
Modifying ARP Settings	229
Defining IP Routing	230
Domain Name System	233
Defining DNS Servers	233
Default Parameters	234
DNS Server Details	234
Mapping DNS Hosts	235
Defining Address Tables	239
Defining Static Addresses	239
Defining Dynamic Addresses	242
Query By	243
Configuring Multicast Forwarding	244
IGMP Snooping	244
Modifying IGMP Snooping	246
Defining Multicast Group	247
Modifying a Multicast Group	249
Configuring IGMP Snooping Mapping	251
Defining Multicast TV Membership	252
Defining Multicast Forwarding	253
Modifying Multicast Forwarding	254
Defining Unregistered Multicast Settings	255
Configuring Spanning Tree	258
Defining Spanning Tree	258
Defining STP Properties	258
Global Settings	259
Defining Spanning Tree Interface Settings	261
Modifying Interface Settings	265
Defining Rapid Spanning Tree	267
Modifying RTSP	270
Defining Multiple Spanning Tree	272
Defining MSTP Properties	272
Defining MSTP Instance to VLAN	274
Defining MSTP Instance Settings	275
Defining MSTP Interface Settings	276
Configuring Quality of Service	282
Defining General Settings	283
Defining CoS	283
Modifying Interface Priorities	285
Defining QoS Queue	285
Mapping CoS to Queue	287
Mapping DSCP to Queue	288
Configuring Bandwidth	289
Configuring VLAN Rate Limit	291
Modifying the VLAN Rate Limit	293
Defining Advanced QoS Mode	294
Configuring DSCP Mapping	295
Defining Class Mapping	297
Defining Aggregate Policer	299
Modifying QoS Aggregate Policer	301
Configuring Policy Table	302
Modifying the QoS Policy Profile	304
Defining Policy Binding	306
Modifying QoS Policy Binding Settings	308
Defining QoS Basic Mode	308
Rewriting DSCP Values	309
Configuring SNMP	311
SNMP v1 and v2	311
SNMP v3	311
Configuring SNMP Security	312
Defining the SNMP Engine ID	312
Defining SNMP Views	314
Defining SNMP Users	316
Modifying SNMP Users	318
Defining SNMP Groups	319
Modifying SNMP Group Profile Settings	322
Defining SNMP Communities	323
Edit SNMP Communities	326
Defining Trap Management	328
Defining Trap Settings	328
Configuring Station Management	329
Modifying SNMP Notifications	334
Defining SNMP Filter Settings	336
Managing System Files	338
Firmware Upgrade	339
Save Configuration	340
Via TFTP	342
Via HTTP	342
Copy Files	342
Active Image	344
Managing Power-over-Ethernet Devices	345
Defining PoE Settings	345
Managing Device Diagnostics	349
Viewing Integrated Cable Tests	349
Performing Optical Tests	353
Configuring Port Mirroring	354
Modifying Port Mirroring	356
Viewing CPU Utilization	357
Managing System Logs	359
Enabling System Logs	359
Viewing the Device Memory Logs	361
Clearing Message Logs	362
Viewing the Flash Logs	362
Clearing Flash Logs	363
Viewing Remote Logs	364
Modifying Syslog Server Settings	367
Viewing Statistics	370
Viewing Ethernet Statistics	370
Defining Ethernet Interface	370
Resetting Interface Statistics Counters	372
Viewing Etherlike Statistics	372
Resetting Etherlike Statistics Counters	374
Viewing GVRP Statistics	374
Resetting GVRP Statistics Counters	376
Viewing EAP Statistics	376
Managing RMON Statistics	378
Viewing RMON Statistics	379
Resetting RMON Statistics Counters	381
Configuring RMON History	381
Defining RMON History Control	381
Modifying RMON History Settings	383
Viewing the RMON History Table	384
Defining RMON Events Control	386
Modifying RMON Event Log Settings	388
Viewing the RMON Events Logs	389
Defining RMON Alarms	390
Modifying RMON Alarm Settings	394
Managing QoS Statistics	396
Viewing Policer Statistics	396
Viewing Aggregated Policer Statistics	398
Resetting Aggregate Policer Statistics Counters	398
Viewing Queues Statistics	398
Resetting Queues Statistics Counters	401
Aggregating Ports	402
Defining LAG Management	403
Modifying LAG Membership	404
Defining LAG Settings	405
Configuring LACP	409