Home » TP-Link Manuals » Hubs & Switches » TP-Link 10GE » Manual Viewer

TP-Link 10GE T1700G-28TQUN V1 User Guide - Page 215

ARP Inspection

Add to My Manuals
Save this manual to your list of manuals

Page 215 highlights

Circuit ID: Remote ID Customization: Remote ID: LAG: Enter the sub-option Circuit ID for the customized Option 82 field. Enable or disable the switch to define the Option 82 sub-option Remote ID field. With Disable selected, configure the switch system MAC address as the remote ID default value. Enter the sub-option Remote ID for the customized Option 82. Displays the LAG to which the port belongs. 13.3 ARP Inspection According to the ARP Implementation Procedure stated in 13.1.3 ARP Scanning, it can be found that ARP protocol can facilitate the Hosts in the same network segment to communicate with one another or access to external network via Gateway. However, since ARP protocol is implemented with the premise that all the Hosts and Gateways are trusted, there are high security risks during ARP Implementation Procedure in the actual complex network. Thus, the cheating attacks against ARP, such as imitating Gateway, cheating Gateway, cheating terminal Hosts and ARP Flooding Attack, frequently occur to the network, especially to the large network such as campus network and so on. The following part will simply introduce these ARP attacks.  Imitating Gateway The attacker sends the MAC address of a forged Gateway to Host, and then the Host will automatically update the ARP table after receiving the ARP response packets, which causes that the Host cannot access the network normally. The ARP Attack implemented by imitating Gateway is illustrated in the following figure. Figure 13-11 ARP Attack - Imitating Gateway 205

Section	Page
Package Contents	11
Chapter 1 About this Guide	12
1.1 Intended Readers	12
1.2 Conventions	12
1.3 Overview of This Guide	12
Chapter 2 Introduction	16
2.1 Overview of the Switch	16
2.2 Appearance Description	16
2.2.1 Front Panel	16
2.2.2 Rear Panel	17
Chapter 3 Login to the Switch	19
3.1 Login	19
3.2 Configuration	20
Chapter 4 System	21
4.1 System Info	21
4.1.1 System Summary	21
4.1.2 Device Description	24
4.1.3 System Time	24
4.1.4 Daylight Saving Time	25
4.2 User Management	26
4.2.1 User Table	26
4.2.2 User Config	27
4.3 System Tools	28
4.3.1 Boot Config	28
4.3.2 Config Restore	29
4.3.3 Config Backup	30
4.3.4 Firmware Upgrade	31
4.3.5 System Reboot	31
4.3.6 System Reset	32
4.4 Access Security	32
4.4.1 Access Control	32
4.4.2 HTTP Config	34
4.4.3 HTTPS Config	34
4.4.4 SSH Config	37
4.4.5 Telnet Config	44
4.5 SDM Template	44
4.5.1 SDM Template Config	44
Chapter 5 Stack	46
5.1 Stack Management	53
5.1.1 Stack Info	53
5.1.2 Stack Config	54
5.2 Application Example for Stack	56
Chapter 6 Switching	57
6.1 Port	57
6.1.1 Port Config	57
6.1.2 Port Mirror	58
6.1.3 Port Security	60
6.1.4 Port Isolation	62
6.1.5 Loopback Detection	63
6.2 LAG	65
6.2.1 LAG Table	66
6.2.2 Static LAG	67
6.2.3 LACP Config	68
6.3 Traffic Monitor	70
6.3.1 Traffic Summary	70
6.3.2 Traffic Statistics	71
6.4 MAC Address	73
6.4.1 Address Table	74
6.4.2 Static Address	75
6.4.3 Dynamic Address	76
6.4.4 Filtering Address	78
Chapter 7 VLAN	80
7.1 802.1Q VLAN	81
7.1.1 VLAN Config	82
7.1.2 Port Config	83
7.2 Application Example for 802.1Q VLAN	85
7.3 MAC VLAN	86
7.3.1 MAC VLAN	87
7.3.2 Port Enable	87
7.4 Application Example for MAC VLAN	88
7.5 Protocol VLAN	90
7.5.1 Protocol Group Table	91
7.5.2 Protocol Group	91
7.5.3 Protocol Template	92
7.6 Application Example for Protocol VLAN	94
Chapter 8 Spanning Tree	96
8.1 STP Config	101
8.1.1 STP Config	101
8.1.2 STP Summary	103
8.2 Port Config	104
8.3 MSTP Instance	105
8.3.1 Region Config	106
8.3.2 Instance Config	106
8.3.3 Instance Port Config	107
8.4 STP Security	109
8.4.1 Port Protect	109
8.4.2 TC Protect	112
8.5 Application Example for STP Function	112
Chapter 9 Multicast	117
9.1 IGMP Snooping	121
9.1.1 Snooping Config	123
9.1.2 Port Config	125
9.1.3 VLAN Config	126
9.1.4 Multicast VLAN	127
9.1.5 Querier Config	130
9.1.6 Profile Config	132
9.1.7 Profile Binding	133
9.1.8 Packet Statistics	135
9.2 MLD Snooping	136
9.2.1 Snooping Config	138
9.2.2 Port Config	140
9.2.3 VLAN Config	141
9.2.4 Multicast VLAN	142
9.2.5 Querier Config	143
9.2.6 Profile Config	145
9.2.7 Profile Binding	146
9.2.8 Packet Statistics	148
9.3 Multicast Table	149
9.3.1 IPv4 Multicast Table	149
9.3.2 Static IPv4 Multicast Table	150
9.3.3 IPv6 Multicast Table	151
9.3.4 Static IPv6 Multicast Table	152
Chapter 10 Routing	154
10.1 Interface	154
10.2 Routing Table	160
10.2.1 IPv4 Routing Table	160
10.2.2 IPv6 Routing Table	160
10.3 Static Routing	161
10.3.1 IPv4 Static Routing Config	161
10.3.2 IPv6 Static Routing Config	162
10.4 DHCP Relay	163
10.4.1 Global Config	165
10.4.2 DHCP Server	166
10.5 ARP	167
10.5.1 ARP Table	167
10.5.2 Static ARP	167
Chapter 11 QoS	169
11.1 DiffServ	172
11.1.1 Port Priority	172
11.1.2 Schedule Mode	173
11.1.3 802.1P Priority	174
11.1.4 DSCP Priority	175
11.2 Bandwidth Control	177
11.2.1 Rate Limit	177
11.2.2 Storm Control	178
11.3 Voice VLAN	179
11.3.1 Global Config	181
11.3.2 Port Config	182
11.3.3 OUI Config	183
Chapter 12 ACL	185
12.1 Time-Range	185
12.1.1 Time-Range Summary	185
12.1.2 Time-Range Create	186
12.1.3 Holiday Config	187
12.2 ACL Config	187
12.2.1 ACL Summary	187
12.2.2 ACL Create	188
12.2.3 MAC ACL	188
12.2.4 Standard-IP ACL	190
12.2.5 Extend-IP ACL	191
12.2.6 IPv6 ACL	192
12.3 Policy Config	193
12.3.1 Policy Summary	193
12.3.2 Policy Create	194
12.3.3 Action Create	194
12.4 ACL Binding	195
12.4.1 Binding Table	196
12.4.2 Port Binding	197
12.4.3 VLAN Binding	198
12.5 Policy Binding	198
12.5.1 Binding Table	199
12.5.2 Port Binding	200
12.5.3 VLAN Binding	201
12.6 Application Example for ACL	201
Chapter 13 Network Security	204
13.1 IP-MAC Binding	204
13.1.1 Binding Table	204
13.1.2 Manual Binding	205
13.1.3 ARP Scanning	207
13.2 DHCP Snooping	209
13.2.1 Global Config	212
13.2.2 Port Config	212
13.2.3 Option 82 Config	214
13.3 ARP Inspection	215
13.3.1 ARP Detect	219
13.3.2 ARP Defend	220
13.3.3 ARP Statistics	221
13.4 DoS Defend	222
13.4.1 DoS Defend	224
13.5 802.1X	224
13.5.1 Global Config	228
13.5.2 Port Config	229
13.6 AAA	231
13.6.1 Global Config	232
13.6.2 Privilege Elevation	232
13.6.3 RADIUS Server Config	233
13.6.4 TACACS+ Server Config	234
13.6.5 Authentication Server Group Config	234
13.6.6 Authentication Method List Config	236
13.6.7 Application Authentication List Config	237
13.6.8 802.1X Authentication Server Config	238
13.6.9 Default Settings	238
Chapter 14 SNMP	240
14.1 SNMP Config	242
14.1.1 Global Config	242
14.1.2 SNMP View	243
14.1.3 SNMP Group	244
14.1.4 SNMP User	245
14.1.5 SNMP Community	247
14.2 Notification	249
14.3 RMON	251
14.3.1 Statistics	252
14.3.2 History	253
14.3.3 Event	254
14.3.4 Alarm Config	255
Chapter 15 LLDP	257
15.1 Basic Config	261
15.1.1 Global Config	261
15.1.2 Port Config	262
15.2 Device Info	263
15.2.1 Local Info	263
15.2.2 Neighbor Info	264
15.3 Device Statistics	265
15.4 LLDP-MED	267
15.4.1 Global Config	268
15.4.2 Port Config	268
15.4.3 Local Info	271
15.4.4 Neighbor Info	272
Chapter 16 Maintenance	273
16.1 System Monitor	273
16.1.1 CPU Monitor	273
16.1.2 Memory Monitor	274
16.2 Log	274
16.2.1 Log Table	275
16.2.2 Local Log	276
16.2.3 Remote Log	277
16.2.4 Backup Log	277
16.3 Device Diagnose	278
16.3.1 Cable Test	278
16.4 Network Diagnose	279
16.4.1 Ping	280
16.4.2 Tracert	280
Appendix A: Specifications	282

Match case Limit results 1 per page

Circuit ID:

Enter the sub-option Circuit ID for the customized Option 82

field.

Remote ID

Customization:

Enable or disable the switch to define the Option 82

sub-option Remote ID field. With Disable selected, configure

the switch system MAC address as the remote ID default

value.

Remote ID:

Enter the sub-option Remote ID for the customized Option 82.

LAG:

Displays the LAG to which the port belongs.

13.3 ARP Inspection

According to the ARP Implementation Procedure stated in 13.1.3 ARP Scanning, it can be found

that ARP protocol can facilitate the Hosts in the same network segment to communicate with one

another or access to external network via Gateway. However, since ARP protocol is implemented

with the premise that all the Hosts and Gateways are trusted, there are high security risks during

ARP Implementation Procedure in the actual complex network. Thus, the cheating attacks against

ARP, such as imitating Gateway, cheating Gateway, cheating terminal Hosts and ARP Flooding

Attack, frequently occur to the network, especially to the large network such as campus network

and so on. The following part will simply introduce these ARP attacks.



Imitating Gateway

The attacker sends the MAC address of a forged Gateway to Host, and then the Host will

automatically update the ARP table after receiving the ARP response packets, which causes that

the Host cannot access the network normally. The ARP Attack implemented by imitating Gateway

is illustrated in the following figure.

Figure 13-11 ARP Attack - Imitating Gateway

205