Home » D-Link Manuals » Wireless » D-Link DGS-1250 » Manual Viewer

D-Link DGS-1250 User Manual - Page 200

IMPB, IPv4, DHCPv4 Snooping, DHCP Snooping Global Settings

Add to My Manuals
Save this manual to your list of manuals

Page 200 highlights

DGS-1250 Series Gigabit Ethernet Smart Managed Switch Web UI Reference Guide IMPB The IP network layer uses a four-byte address. The Ethernet link-layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC-Port Binding (IMPB) is to restrict the access to a Switch to a number of authorized users. Authorized clients can access a Switch's port by either checking the pair of IP-MAC addresses with the pre-configured database or if DHCP snooping has been enabled in which case the Switch will automatically learn the IP/MAC pairs by snooping DHCP packets and saving them to the IMPB white list. If an unauthorized user tries to access an IP-MAC binding enabled port, the system will block the access by dropping its packet. Active and inactive entries use the same database. The function is port-based, meaning a user can enable or disable the function on the individual port. IPv4 DHCPv4 Snooping DHCP Snooping Global Settings This window is used to display and configure the global DHCP snooping settings. To view the following window, click Security > IMPB > IPv4 > DHCPv4 Snooping > DHCP Snooping Global Settings, as shown below: Figure 9-25 DHCP Snooping Global Settings Window The fields that can be configured are described below: Parameter DHCP Snooping Information Option Allow Untrusted Source MAC Verification Station Move Deny Description Select to enable or disable the global DHCP snooping status. Select to enable or disable the option to globally allow DHCP packets with the relay Option 82 on the untrusted interface. Select to enable or disable the verification that the source MAC address in a DHCP packet matches the client hardware address. Select to enable or disable the DHCP snooping station move state. When DHCP snooping station move is enabled, the dynamic DHCP snooping binding entry with the same VLAN ID and MAC address on the specific port can move to another port if it detects that a new DHCP process belong to the same VLAN ID and MAC address. Click the Apply button to accept the changes made. 191

Section	Page
1. Introduction	10
Audience	10
Other Documentation	10
Conventions	10
Notes, Notices, and Cautions	11
2. Web-based Switch Configuration	12
Management Options	12
Logging into the Web UI	13
Smart Wizard	14
Step 1 - Web Mode	14
Step 2 - System IP Information	15
Step 3 - User Accounts Settings	16
Step 4 - SNMP Settings	17
Web User Interface (Web UI)	18
Areas of the User Interface	18
Standard Mode	18
Surveillance Mode	19
3. System	21
Device Information	21
System Information Settings	22
Peripheral Settings	22
Port Configuration	23
Port Settings	23
Port Status	25
Port Auto Negotiation	25
Error Disable Settings	26
Jumbo Frame	27
Interface Description	28
PoE	28
PoE System	29
PoE Status	30
PoE Configuration	30
PD Alive	32
PoE Statistics	33
PoE Measurement	33
PoE LLDP Classification	34
System Log	34
System Log Settings	34
System Log Discriminator Settings	35
System Log Server Settings	36
System Log	37
System Attack Log	38
Time and SNTP	38
Clock Settings	38
Time Zone Settings	39
SNTP Settings	41
Time Range	42
4. Management	43
User Accounts Settings	43
SNMP	44
SNMP Global Settings	45
SNMP Linkchange Trap Settings	46
SNMP View Table Settings	47
SNMP Community Table Settings	47
SNMP Group Table Settings	49
SNMP Engine ID Local Settings	50
SNMP User Table Settings	50
SNMP Host Table Settings	52
RMON	53
RMON Global Settings	53
RMON Statistics Settings	53
RMON History Settings	54
RMON Alarm Settings	55
RMON Event Settings	56
Telnet/Web	57
Session Timeout	57
DHCP	58
Service DHCP	58
DHCP Class Settings	59
DHCP Relay	60
DHCP Relay Global Settings	60
DHCP Relay Pool Settings	60
DHCP Relay Information Settings	63
DHCP Relay Information Option Format Settings	64
DHCP Local Relay VLAN Settings	65
DHCPv6 Relay	66
DHCPv6 Relay Global Settings	66
DHCPv6 Relay Interface Settings	67
DHCPv6 Relay Remote ID Profile Settings	68
DHCPv6 Relay Format Type Settings	70
DHCPv6 Local Relay VLAN Settings	70
DHCP Auto Configuration	71
DNS	71
DNS Global Settings	71
DNS Name Server Settings	72
DNS Host Settings	73
File System	73
D-Link Discovery Protocol	76
5. Layer 2 Features	77
FDB	77
Static FDB	77
Unicast Static FDB	77
MAC Address Table Settings	78
MAC Address Table	79
MAC Notification	80
VLAN	81
VLAN Configuration Wizard	81
Create/Configure VLAN	81
802.1Q VLAN	84
VLAN Interface	85
VLAN Interface Settings	85
Port Summary	88
Asymmetric VLAN	88
L2VLAN Interface Description	89
Auto Surveillance VLAN	89
Auto Surveillance Properties	89
MAC Settings and Surveillance Device	91
ONVIF IP-Camera Information	92
ONVIF NVR Information	94
Voice VLAN	95
Voice VLAN Global	95
Voice VLAN Port	96
Voice VLAN OUI	97
Voice VLAN Device	97
Voice VLAN LLDP-MED Device	98
STP	98
STP Global Settings	100
STP Port Settings	102
MST Configuration Identification	103
STP Instance	104
MSTP Port Information	105
Loopback Detection	105
Link Aggregation	106
L2 Multicast Control	111
IGMP Snooping	111
IGMP Snooping Settings	111
IGMP Snooping Groups Settings	113
IGMP Snooping Mrouter Settings	114
IGMP Snooping Statistics Settings	115
MLD Snooping	116
MLD Snooping Settings	117
MLD Snooping Groups Settings	119
MLD Snooping Mrouter Settings	120
MLD Snooping Statistics Settings	121
Multicast Filtering Mode	122
LLDP	123
LLDP Global Settings	123
LLDP Port Settings	124
LLDP Management Address List	125
LLDP Basic TLVs Settings	125
LLDP Dot1 TLVs Settings	127
LLDP Dot3 TLVs Settings	128
LLDP-MED Port Settings	129
LLDP Statistics Information	130
LLDP Local Port Information	131
LLDP Neighbor Port Information	132
6. Layer 3 Features	135
ARP	135
ARP Aging Time	135
Static ARP	136
ARP Table	136
Gratuitous ARP	137
IPv6 Neighbor	138
Interface	138
IPv4 Interface	138
IPv6 Interface	140
IPv4 Static/Default Route	143
IPv4 Route Table	145
IPv6 Static/Default Route	145
IPv6 Route Table	146
IP Multicast Routing Protocol	147
IPMC	147
IP Multicast Routing Forwarding Cache Table	147
IPv6MC	147
IPv6 Multicast Routing Forwarding Cache Table	147
7. Quality of Service (QoS)	149
Basic Settings	149
Port Default CoS	149
Port Scheduler Method	150
Queue Settings	151
CoS to Queue Mapping	152
Port Rate Limiting	152
Queue Rate Limiting	153
Advanced Settings	154
DSCP Mutation Map	154
Port Trust State and Mutation Binding	156
DSCP CoS Mapping	157
Class Map	157
Policy Map	159
Policy Binding	161
8. Access Control List (ACL)	162
ACL Configuration Wizard	162
Step 1 - Create/Update	162
Step 2 - Select Packet Type	163
Step 3 - Add Rule	164
MAC	164
IPv4	166
IPv6	169
Step 4 - Apply Port	171
ACL Access List	172
Standard IP ACL	174
Extended IP ACL	175
Standard IPv6 ACL	177
Extended IPv6 ACL	178
Extended MAC ACL	180
ACL Interface Access Group	182
9. Security	184
Port Security	184
Port Security Global Settings	184
Port Security Port Settings	185
Port Security Address Entries	186
802.1X	186
802.1X Global Settings	191
802.1X Port Settings	192
Authentication Sessions Information	193
Authenticator Statistics	193
Authenticator Session Statistics	194
Authenticator Diagnostics	195
AAA	196
AAA Global Settings	196
Authentication Settings	196
RADIUS	197
RADIUS Global Settings	197
RADIUS Server Settings	197
RADIUS Group Server Settings	198
RADIUS Statistic	199
IMPB	200
IPv4	200
DHCPv4 Snooping	200
Dynamic ARP Inspection	204
IP Source Guard	209
Advanced Settings	211
IPv6	213
IPv6 Snooping	213
IPv6 ND Inspection	214
IPv6 RA Guard	215
IPv6 DHCP Guard	216
IPv6 Source Guard	217
DHCP Server Screening	219
DHCP Server Screening Global Settings	219
DHCP Server Screening Port Settings	220
ARP Spoofing Prevention	221
Network Access Authentication	222
Guest VLAN	222
Network Access Authentication Global Settings	222
Network Access Authentication Port Settings	224
Network Access Authentication Sessions Information	225
Safeguard Engine	225
Safeguard Engine Settings	227
CPU Protect Counters	227
CPU Protect Sub-Interface	228
CPU Protect Type	229
Trusted Host	229
Traffic Segmentation Settings	230
Storm Control Settings	231
DoS Attack Prevention Settings	233
SSH	234
SSH Global Settings	235
Host Key	236
SSH Server Connection	237
SSH User Settings	237
SSL	238
SSL Global Settings	239
Crypto PKI Trustpoint	240
SSL Service Policy	241
Network Protocol Port Protect Settings	242
10. OAM	243
Cable Diagnostics	243
11. Monitoring	245
Utilization	245
Port Utilization	245
Statistics	246
Port	246
Interface Counters	247
Counters	249
Mirror Settings	250
Device Environment	252
12. Green	253
Power Saving	253
EEE	255
13. Toolbar	256
Save	256
Save Configuration	256
Tools	256
Firmware Upgrade & Backup	256
Firmware Upgrade from HTTP	256
Firmware Upgrade from TFTP	257
Firmware Backup to HTTP	257
Firmware Backup to TFTP	258
Configuration Restore & Backup	258
Configuration Restore from HTTP	258
Configuration Restore from TFTP	259
Configuration Backup to HTTP	260
Configuration Backup to TFTP	260
Certificate & Key Restore & Backup	261
Certificate & Key Restore from HTTP	261
Certificate & Key Restore from TFTP	261
Public Key Backup to HTTP	262
Public Key Backup to TFTP	262
Log Backup	263
Log Backup to HTTP	263
Log Backup to TFTP	263
Ping	264
Language Management	265
Reset	266
Reboot System	266
Wizard	267
Online Help	267
D-Link Support Site	267
User Guide	267
Surveillance Mode	267
Logout	268
14. Surveillance Mode	269
Surveillance Overview	269
Surveillance Topology	269
Device Information	272
Port Information	273
Group Details	274
IP-Camera Information	275
NVR Information	276
PoE Information	277
PoE Scheduling	278
Management	279
File System	279
Time	281
Clock Settings	281
SNTP Settings	282
Surveillance Settings	283
Surveillance Log	284
Health Diagnostic	285
Toolbar	286
Wizard	286
Tools	286
Firmware Upgrade & Backup	286
Configuration Restore & Backup	287
Language Management	288
Reset	289
Reboot System	289
Save	290
Save Configuration	290
Help	291
Online Help	292
D-Link Support Site	292
User Guide	292
Standard Mode	292
Logout	292
Appendix A - System Log Entries	293
802.1X	293
AAA	293
Auto Surveillance VLAN	294
Configuration/Firmware	295
DAI	298
DHCPv6 Client	298
DHCPv6 Relay	299
DoS Prevention	299
DNS Resolver	299
Interface	299
IPv6 Duplicate Address	300
LACP	300
LBD	301
LLDP/LLDP-MED	301
Login/Logout	303
MSTP Debug Enhancement	304
Peripheral	306
PoE	306
Port Security	307
Safeguard	307
SNMP	307
SSH	307
Storm Control	308
System	308
Telnet	308
Voice VLAN	309
Web	309
Appendix B - Trap Entries	311
802.1X	311
Authentication Fail	311
DHCP Server Screen Prevention	311
DoS Prevention	312
ErrDisable	312
General Management	312
Gratuitous ARP	312
IMPB	312
LACP	313
LBD	313
LLDP	314
MAC Notification	314
MSTP	314
PD Alive	314
Peripheral	315
PoE	315
Port	316
Port Security	316
RMON	316
Safeguard	317
Start	317
Storm Control	317
System File	317
Appendix C - RADIUS Attributes Assignment	319

Match case Limit results 1 per page

DGS-1250 Series Gigabit Ethernet Smart Managed Switch Web UI Reference Guide

191

IMPB

The IP network layer uses a four-byte address. The Ethernet link-layer uses a six-byte MAC address. Binding these

two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC-Port

Binding (IMPB) is to restrict the access to a Switch to a number of authorized users. Authorized clients can access a

Switch’s port by either checking the pair of IP-MAC addresses with the pre-configured database or if DHCP snooping

has been enabled in which case the Switch will automatically learn the IP/MAC pairs by snooping DHCP packets and

saving them to the IMPB white list. If an unauthorized user tries to access an IP-MAC binding enabled port, the

system will block the access by dropping its packet. Active and inactive entries use the same database. The function

is port-based, meaning a user can enable or disable the function on the individual port.

IPv4

DHCPv4 Snooping

DHCP Snooping Global Settings

This window is used to display and configure the global DHCP snooping settings.

To view the following window, click

Security > IMPB > IPv4 > DHCPv4 Snooping > DHCP Snooping Global

Settings

, as shown below:

Figure 9-25 DHCP Snooping Global Settings Window

The fields that can be configured are described below:

Parameter

Description

DHCP Snooping

Select to enable or disable the global DHCP snooping status.

Information Option Allow

Untrusted

Select to enable or disable the option to globally allow DHCP packets with the

relay Option 82 on the untrusted interface.

Source MAC Verification

Select to enable or disable the verification that the source MAC address in a

DHCP packet matches the client hardware address.

Station Move Deny

Select to enable or disable the DHCP snooping station move state. When DHCP

snooping station move is enabled, the dynamic DHCP snooping binding entry with

the same VLAN ID and MAC address on the specific port can move to another

port if it detects that a new DHCP process belong to the same VLAN ID and MAC

address.

Click the

Apply

button to accept the changes made.