TP-Link T1500-28TC TL-SL2428 T1500-28TCUN V1 Configuration Guide - Page 414
Network Security, Overview, Supported Features
View all TP-Link T1500-28TC TL-SL2428 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 414 highlights
Configuring Network Security 1 Network Security Network Security 1.1 Overview Network Security provides multiple protection measures for the network. Users can configure the security functions according to their needs. 1.2 Supported Features The switch supports multiple network security features, for example, IP-MAC Binding, DHCP Snooping, ARP Inspection and so on. IP-MAC Binding IP-MAC Binding is used to bind the IP address, MAC address, VLAN ID and the connected port number of the specified host. Basing on the IP-MAC binding table, the switch can prevent the ARP cheating attacks with the ARP Detection feature. The binding entries can be manually configured, or learned by ARP scanning or DHCP snooping. DHCP Snooping DHCP Snooping supports the basic DHCP security feature and the Option 82 feature. Basic DHCP Security During the working process of DHCP, generally there is no authentication mechanism between the DHCP server and the clients. If there are several DHCP servers on the network, security problems and network interference will happen. DHCP Snooping resolves this problem. As the following figure shows, the port connected to the legal DHCP server should be configured as a trusted port, and other ports should be configured as untrusted ports. When receiving the DHCP discover or DHCP request packets, the switch forwards them to the legal DHCP server only through the trusted port. When receiving the respond packets, the switch will determine whether to send or not depending on the type of receiving port: packets received from the trusted port will be forwarded, otherwise they will be discarded. DHCP Snooping ensures that users get IP addresses only from the legal DHCP server, enhancing the network security. Configuration Guide 393