Home » TP-Link Manuals » Hubs & Switches » TP-Link T1500G-10MPS » Manual Viewer

TP-Link T1500G-10MPS T1500G-10MPSUN V1 User Guide - Page 163

ARP Inspection

View all TP-Link T1500G-10MPS manuals

Add to My Manuals
Save this manual to your list of manuals

Page 163 highlights

Select: Port: Option 82 Support: Operation Strategy: Circuit ID Customization: Circuit ID: Remote ID Customization: Remote ID: LAG: Select your desired port for configuration. It is multi-optional. Displays the port number. Enable/Disable the Option 82 feature. Select the operation for the existed Option 82 field of the DHCP request packets from the Host. The option 82 field in DHCP reply packets will be remove when the option 82 feature is enable，no matter which operation is configured for the existed option 82 filed. • Keep: Indicates to keep the Option 82 field of the packets. • Replace: Indicates to replace the Option 82 field of the packets with the switch defined one. • Drop: Indicates to discard the packets including the Option 82 field. Enable or disable the switch to define the Option 82 sub-option Circuit ID field. With Disable selected, configure VLAN ID and port number from which the packet is received as the circuit ID default value. Enter the sub-option Circuit ID for the customized Option 82 field. Enable or disable the switch to define the Option 82 sub-option Remote ID field. With Disable selected, configure the switch system MAC address as the remote ID default value. Enter the sub-option Remote ID for the customized Option 82. Displays the LAG to which the port belongs. 12.3 ARP Inspection According to the ARP Implementation Procedure stated in 12.1.3 ARP Scanning, it can be found that ARP protocol can facilitate the Hosts in the same network segment to communicate with one another or access to external network via Gateway. However, since ARP protocol is implemented with the premise that all the Hosts and Gateways are trusted, there are high security risks during ARP Implementation Procedure in the actual complex network. Thus, the cheating attacks against ARP, such as imitating Gateway, cheating Gateway, cheating terminal Hosts and ARP Flooding Attack, frequently occur to the network, especially to the large network such as campus network. The following part will simply introduce these ARP attacks.  Imitating Gateway The attacker sends the MAC address of a forged Gateway to Host, and then the Host will automatically update the ARP table after receiving the ARP response packets, which causes that the Host cannot access the network normally. The ARP Attack implemented by imitating Gateway is illustrated in the following figure. 154

Section	Page
Package Contents	10
Chapter 1 About this Guide	11
1.1 Intended Readers	11
1.2 Conventions	11
1.3 Overview of This Guide	11
Chapter 2 Introduction	15
2.1 Overview of the Switch	15
2.2 Appearance Description	15
2.2.1 Front Panel	15
2.2.2 Rear Panel	17
Chapter 3 Login to the Switch	19
3.1 Login	19
3.2 Configuration	19
Chapter 4 System	21
4.1 System Info	21
4.1.1 System Summary	21
4.1.2 Device Description	22
4.1.3 System Time	23
4.1.4 Daylight Saving Time	24
4.1.5 System IP	25
4.2 User Management	27
4.2.1 User Table	27
4.2.2 User Config	27
4.3 System Tools	29
4.3.1 Boot Config	29
4.3.2 Config Restore	29
4.3.3 Config Backup	30
4.3.4 Firmware Upgrade	31
4.3.5 System Reboot	31
4.3.6 System Reset	32
4.4 Access Security	32
4.4.1 Access Control	32
4.4.2 HTTP Config	33
4.4.3 HTTPS Config	34
4.4.4 SSH Config	38
4.4.5 Telnet Config	44
Chapter 5 Switching	45
5.1 Port	45
5.1.1 Port Config	45
5.1.2 Port Mirror	46
5.1.3 Port Security	48
5.1.4 Port Isolation	50
5.1.5 Loopback Detection	51
5.2 LAG	53
5.2.1 LAG Table	53
5.2.2 Static LAG	55
5.2.3 LACP Config	56
5.3 Traffic Monitor	57
5.3.1 Traffic Summary	57
5.3.2 Traffic Statistics	58
5.4 MAC Address	60
5.4.1 Address Table	61
5.4.2 Static Address	63
5.4.3 Dynamic Address	64
5.4.4 Filtering Address	66
Chapter 6 VLAN	68
6.1 802.1Q VLAN	69
6.1.1 VLAN Config	70
6.1.2 Port Config	72
6.2 Application Example for 802.1Q VLAN	73
Chapter 7 Spanning Tree	75
7.1 STP Config	80
7.1.1 STP Config	80
7.1.2 STP Summary	82
7.2 Port Config	83
7.3 MSTP Instance	85
7.3.1 Region Config	85
7.3.2 Instance Config	86
7.3.3 Instance Port Config	87
7.4 STP Security	88
7.4.1 Port Protect	88
7.5 Application Example for STP Function	91
Chapter 8 Multicast	96
8.1 IGMP Snooping	100
8.1.1 Snooping Config	102
8.1.2 Port Config	103
8.1.3 VLAN Config	104
8.1.4 Multicast VLAN	106
8.1.5 Querier Config	109
8.1.6 Profile Config	110
8.1.7 Profile Binding	112
8.1.8 Packet Statistics	113
8.2 Multicast Table	114
8.2.1 IPv4 Multicast Table	114
8.2.2 Static IPv4 Multicast Table	115
Chapter 9 QoS	117
9.1 DiffServ	120
9.1.1 Port Priority	120
9.1.2 Schedule Mode	121
9.1.3 802.1P Priority	122
9.1.4 DSCP Priority	123
9.2 Bandwidth Control	124
9.2.1 Rate Limit	124
9.2.2 Storm Control	125
9.3 Voice VLAN	126
9.3.1 Global Config	129
9.3.2 Port Config	129
9.3.3 OUI Config	131
Chapter 10 PoE	133
10.1 PoE Config	133
10.1.1 PoE Config	134
10.1.2 PoE Profile	135
10.2 Time-Range	136
10.2.1 Time-Range Summary	136
10.2.2 Time-Range Create	137
10.2.3 Holiday Config	138
Chapter 11 ACL	140
11.1 ACL Config	140
11.1.1 ACL Summary	140
11.1.2 ACL Create	140
11.1.3 MAC ACL	141
11.1.4 Standard-IP ACL	142
11.1.5 Extend-IP ACL	142
11.2 Policy Config	143
11.2.1 Policy Summary	144
11.2.2 Policy Create	144
11.2.3 Action Create	144
11.3 ACL Binding	145
11.3.1 Binding Table	145
11.3.2 Port Binding	146
11.3.3 VLAN Binding	147
11.4 Policy Binding	148
11.4.1 Binding Table	148
11.4.2 Port Binding	149
11.4.3 VLAN Binding	150
11.5 Application Example for ACL	151
Chapter 12 Network Security	153
12.1 IP-MAC Binding	153
12.1.1 Binding Table	153
12.1.2 Manual Binding	154
12.1.3 ARP Scanning	156
12.2 DHCP Snooping	157
12.2.1 Global Config	161
12.2.2 Port Config	161
12.2.3 Option 82 Config	162
12.3 ARP Inspection	163
12.3.1 ARP Detect	166
12.3.2 ARP Defend	168
12.3.3 ARP Statistics	168
12.4 DoS Defend	169
12.4.1 DoS Defend	170
12.5 802.1X	171
12.5.1 Global Config	175
12.5.2 Port Config	176
12.6 AAA	178
12.6.1 Global Config	179
12.6.2 Privilege Elevation	179
12.6.3 RADIUS Server Config	180
12.6.4 TACACS+ Server Config	180
12.6.5 Authentication Server Group Config	181
12.6.6 Authentication Method List Config	182
12.6.7 Application Authentication List Config	184
12.6.8 802.1X Authentication Server Config	184
12.6.9 Default Settings	185
Chapter 13 SNMP	186
13.1 SNMP Config	188
13.1.1 Global Config	188
13.1.2 SNMP View	189
13.1.3 SNMP Group	190
13.1.4 SNMP User	192
13.1.5 SNMP Community	193
13.2 Notification	196
13.3 RMON	197
13.3.1 Statistics	198
13.3.2 History	199
13.3.3 Event	200
13.3.4 Alarm	201
Chapter 14 LLDP	203
14.1 Basic Config	208
14.1.1 Global Config	208
14.1.2 Port Config	209
14.2 Device Info	210
14.2.1 Local Info	210
14.2.2 Neighbor Info	212
14.3 Device Statistics	213
14.4 LLDP-MED	214
14.4.1 Global Config	215
14.4.2 Port Config	216
14.4.3 Local Info	217
14.4.4 Neighbor Info	218
Chapter 15 Maintenance	220
15.1 System Monitor	220
15.1.1 CPU Monitor	220
15.1.2 Memory Monitor	221
15.2 Log	222
15.2.1 Log Table	223
15.2.2 Local Log	224
15.2.3 Remote Log	224
15.2.4 Backup Log	225
15.3 Device Diagnostics	226
15.3.1 Cable Test	226
15.4 Network Diagnostics	227
15.4.1 Ping	227
15.4.2 Tracert	228
Appendix A: Specifications	229

Match case Limit results 1 per page

154

Select:

Select your desired port for configuration. It is multi-optional.

Port:

Displays the port number.

Option 82 Support:

Enable/Disable the Option 82 feature.

Operation Strategy:

Select the operation for the existed Option 82 field of the

DHCP request packets from the Host. The option 82 field in

DHCP reply packets will be remove when the option 82

feature is enable

，

no matter which operation is configured for

the existed option 82 filed.

•

Keep:

Indicates to keep the Option 82 field of the packets.

•

Replace:

Indicates to replace the Option 82 field of the

packets with the switch defined one.

•

Drop:

Indicates to discard the packets including the Option

82 field.

Circuit ID

Customization:

Enable or disable the switch to define the Option 82

sub-option Circuit ID field. With Disable selected, configure

VLAN ID and port number from which the packet is received

as the circuit ID default value.

Circuit ID:

Enter the sub-option Circuit ID for the customized Option 82

field.

Remote ID

Customization:

Enable or disable the switch to define the Option 82

sub-option Remote ID field. With Disable selected, configure

the switch system MAC address as the remote ID default

value.

Remote ID:

Enter the sub-option Remote ID for the customized Option 82.

LAG:

Displays the LAG to which the port belongs.

12.3

ARP Inspection

According to the ARP Implementation Procedure stated in

12.1.3 ARP Scanning

, it can be found

that ARP protocol can facilitate the Hosts in the same network segment to communicate with one

another or access to external network via Gateway. However, since ARP protocol is implemented

with the premise that all the Hosts and Gateways are trusted, there are high security risks during

ARP Implementation Procedure in the actual complex network. Thus, the cheating attacks against

ARP, such as imitating Gateway, cheating Gateway, cheating terminal Hosts and ARP Flooding

Attack, frequently occur to the network, especially to the large network such as campus network.

The following part will simply introduce these ARP attacks.



Imitating Gateway

The attacker sends the MAC address of a forged Gateway to Host, and then the Host will

automatically update the ARP table after receiving the ARP response packets, which causes that

the Host cannot access the network normally. The ARP Attack implemented by imitating Gateway

is illustrated in the following figure.