D-Link DGS-1250 User Manual - Page 200
IMPB, IPv4, DHCPv4 Snooping, DHCP Snooping Global Settings
View all D-Link DGS-1250 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 200 highlights
DGS-1250 Series Gigabit Ethernet Smart Managed Switch Web UI Reference Guide IMPB The IP network layer uses a four-byte address. The Ethernet link-layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC-Port Binding (IMPB) is to restrict the access to a Switch to a number of authorized users. Authorized clients can access a Switch's port by either checking the pair of IP-MAC addresses with the pre-configured database or if DHCP snooping has been enabled in which case the Switch will automatically learn the IP/MAC pairs by snooping DHCP packets and saving them to the IMPB white list. If an unauthorized user tries to access an IP-MAC binding enabled port, the system will block the access by dropping its packet. Active and inactive entries use the same database. The function is port-based, meaning a user can enable or disable the function on the individual port. IPv4 DHCPv4 Snooping DHCP Snooping Global Settings This window is used to display and configure the global DHCP snooping settings. To view the following window, click Security > IMPB > IPv4 > DHCPv4 Snooping > DHCP Snooping Global Settings, as shown below: Figure 9-25 DHCP Snooping Global Settings Window The fields that can be configured are described below: Parameter DHCP Snooping Information Option Allow Untrusted Source MAC Verification Station Move Deny Description Select to enable or disable the global DHCP snooping status. Select to enable or disable the option to globally allow DHCP packets with the relay Option 82 on the untrusted interface. Select to enable or disable the verification that the source MAC address in a DHCP packet matches the client hardware address. Select to enable or disable the DHCP snooping station move state. When DHCP snooping station move is enabled, the dynamic DHCP snooping binding entry with the same VLAN ID and MAC address on the specific port can move to another port if it detects that a new DHCP process belong to the same VLAN ID and MAC address. Click the Apply button to accept the changes made. 191