Netgear GS752TS GS7xxTS-TPS Software Admin Manual - Page 92

Services — DHCP Snooping, DHCP Snooping Global Configuration, Interface Configuration

Page 92 highlights

GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Network Policies Application Type VLAN ID VLAN Type User Priority DSCP LLDP Unknown TLVs Type Value Description Specifies the media application type associated with the policy advertised by the remote device. Specifies the VLAN ID associated with the policy. Specifies whether the VLAN associated with the policy is tagged or untagged. Specifies the priority associated with the policy. Specifies the DSCP associated with a particular policy type. Displays the unknown TLV type field. Displays the unknown TLV value field. Services - DHCP Snooping DHCP Snooping is a useful feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your network. A known attack is when an unauthorized DHCP server responds to a client that is requesting an IP address. The server configures the gateway for the client to be equal to the IP address of the server. At that point, the client sends all of its IP traffic destined to other networks to the unauthorized machine. This gives the attacker the possibility of snooping traffic for passwords or employing a man-in-the-middle attack. The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network. DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also provides way to differentiate between untrusted interfaces connected to the end-user and trusted interfaces connected to the DHCP server or another switch. From the Services link, you can access the following pages: • DHCP Snooping Global Configuration on page 93 • Interface Configuration on page 94 • Binding Configuration on page 95 • Persistent Configuration on page 97 • Statistics on page 98 92

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329

92
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches
Services — DHCP Snooping
DHCP Snooping is a useful feature that provides security by filtering untrusted DHCP
messages and by building and maintaining a DHCP snooping binding table. An untrusted
message is a message that is received from outside the network or firewall and that can
cause traffic attacks within your network. A known attack is when an unauthorized DHCP
server responds to a client that is requesting an IP address. The server configures the
gateway for the client to be equal to the IP address of the server. At that point, the client
sends all of its IP traffic destined to other networks to the unauthorized machine. This gives
the attacker the possibility of snooping traffic for passwords or employing a
man-in-the-middle attack.
The DHCP snooping binding table contains the MAC address, IP address, lease time,
binding type, VLAN number, and interface information that corresponds to the local untrusted
interfaces of a switch. An untrusted interface is an interface that is configured to receive
messages from outside the network or firewall. A trusted interface is an interface that is
configured to receive only messages from within the network.
DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also
provides way to differentiate between untrusted interfaces connected to the end-user and
trusted interfaces connected to the DHCP server or another switch.
From the Services link, you can access the following pages:
DHCP Snooping Global Configuration
on page
93
Interface Configuration
on page
94
Binding Configuration
on page
95
Persistent Configuration
on page
97
Statistics
on page
98
Network Policies
Application Type
Specifies the media application type associated with the policy advertised by
the remote device.
VLAN ID
Specifies the VLAN ID associated with the policy.
VLAN Type
Specifies whether the VLAN associated with the policy is tagged or untagged.
User Priority
Specifies the priority associated with the policy.
DSCP
Specifies the DSCP associated with a particular policy type.
LLDP Unknown TLVs
Type
Displays the unknown TLV type field.
Value
Displays the unknown TLV value field.
Field
Description