Home » TP-Link Manuals » Hubs & Switches » TP-Link T2500-28TCTL-SL5428E » Manual Viewer

TP-Link T2500-28TCTL-SL5428E T2500-28TCUN V1 User Guide - Page 219

DHCP Cheating Attack Implementation Procedure

View all TP-Link T2500-28TCTL-SL5428E manuals

Add to My Manuals
Save this manual to your list of manuals

Page 219 highlights

Figure 13-7 DHCP Cheating Attack Implementation Procedure DHCP Snooping feature only allows the port connected to the DHCP Server as the trusted port to forward DHCP packets and thereby ensures that users get proper IP addresses. DHCP Snooping is to monitor the process of the Host obtaining the IP address from DHCP server, and record the IP address, MAC address, VLAN and the connected Port number of the Host for automatic binding. The bound entry can cooperate with the ARP Inspection, IP Source Guard and the other security protection features. DHCP Snooping feature prevents the network from the DHCP Server Cheating Attack by discarding the DHCP packets on the distrusted port, so as to enhance the network security. 209

Section	Page
Package Contents	11
Chapter 1 About This Guide	12
1.1 Intended Readers	12
1.2 Conventions	12
1.3 Overview of This Guide	13
Chapter 2 Introduction	17
2.1 Overview of the Switch	17
2.2 Appearance Description	17
2.2.1 Front Panel	17
2.2.2 Rear Panel	18
Chapter 3 Login to the Switch	19
3.1 Login	19
3.2 Configuration	19
Chapter 4 System	21
4.1 System Info	21
4.1.1 System Summary	21
4.1.2 Device Description	23
4.1.3 System Time	23
4.1.4 Daylight Saving Time	24
4.1.5 System IP	26
4.1.6 System IPv6	27
4.2 User Management	35
4.2.1 User Table	35
4.2.2 User Config	35
4.3 System Tools	36
4.3.1 Config Restore	37
4.3.2 Config Backup	37
4.3.3 Firmware Upgrade	38
4.3.4 System Reboot	38
4.3.5 System Reset	39
4.4 Access Security	39
4.4.1 Access Control	39
4.4.2 SSL Config	41
4.4.3 SSH Config	42
Chapter 5 Switching	49
5.1 Port	49
5.1.1 Port Config	49
5.1.2 Port Mirror	50
5.1.3 Port Security	51
5.1.4 Port Isolation	53
5.1.5 Loopback detection	54
5.2 DDM	55
5.2.1 DDM Config	55
5.2.2 Temperature Threshold	56
5.2.3 Voltage Threshold	57
5.2.4 Bias Current Threshold	58
5.2.5 Tx Power Threshold	58
5.2.6 Rx Power Threshold	59
5.2.7 DDM Status	60
5.3 LAG	61
5.3.1 LAG Table	61
5.3.2 Static LAG	63
5.3.3 LACP Config	64
5.4 Traffic Monitor	66
5.4.1 Traffic Summary	66
5.4.2 Traffic Statistics	67
5.5 MAC Address	68
5.5.1 Address Table	69
5.5.2 Static Address	70
5.5.3 Dynamic Address	71
5.5.4 Filtering Address	73
Chapter 6 VLAN	75
6.1 802.1Q VLAN	76
6.1.1 VLAN Config	77
6.1.2 Port Config	79
6.2 MAC VLAN	81
6.2.1 MAC VLAN	82
6.2.2 Port Enable	83
6.3 Protocol VLAN	83
6.3.1 Protocol VLAN	84
6.3.2 Protocol Template	85
6.3.3 Port Enable	86
6.4 Application Example for 802.1Q VLAN	86
6.5 Application Example for MAC VLAN	88
6.6 Application Example for Protocol VLAN	89
6.7 VLAN VPN	91
6.7.1 VPN Config	92
6.7.2 VLAN Mapping	92
6.7.3 Port Enable	93
6.8 Private VLAN	95
6.8.1 PVLAN Config	98
6.8.2 Port Config	99
6.9 GVRP	101
6.10 Application Example for Private VLAN	104
Chapter 7 Spanning Tree	107
7.1 STP Config	111
7.1.1 STP Config	111
7.1.2 STP Summary	113
7.2 Port Config	114
7.3 MSTP Instance	115
7.3.1 Region Config	115
7.3.2 Instance Config	116
7.3.3 Instance Port Config	117
7.4 STP Security	119
7.4.1 Port Protect	119
7.4.2 TC Protect	121
7.5 Application Example for STP Function	122
Chapter 8 Ethernet OAM	126
8.1 Basic Config	129
8.1.1 Basic Config	129
8.1.2 Discovery Info	131
8.2 Link Monitoring	133
8.3 RFI	134
8.4 Remote Loopback	135
8.5 Statistics	136
8.5.1 Statistics	136
8.5.2 Event Log	137
8.6 DLDP	138
8.7 Application Example for DLDP	141
Chapter 9 DHCP	144
9.1 DHCP Relay	148
Chapter 10 Multicast	152
10.1 IGMP Snooping	156
10.1.1 Snooping Config	157
10.1.2 VLAN Config	158
10.1.3 Port Config	159
10.1.4 IP-Range	161
10.1.5 Multicast VLAN	162
10.1.6 Static Multicast IP	165
10.1.7 Packet Statistics	166
10.1.8 Querier Config	167
10.1.9 IGMP Authentication	168
10.2 MLD Snooping	169
10.2.1 Global Config	171
10.2.2 VLAN Config	172
10.2.3 Filter Config	174
10.2.4 Port Config	174
10.2.5 Static Multicast	175
10.2.6 Querier Config	176
10.2.7 Packet Statistics	177
10.3 Multicast Table	178
10.3.1 IPv4 Multicast Table	179
10.3.2 IPv6 Multicast Table	179
Chapter 11 QoS	181
11.1 DiffServ	184
11.1.1 Port Priority	184
11.1.2 DSCP Priority	185
11.1.3 802.1P/CoS Mapping	186
11.1.4 Schedule Mode	187
11.2 Bandwidth Control	188
11.2.1 Rate Limit	188
11.2.2 Storm Control	189
11.3 Voice VLAN	191
11.3.1 Global Config	193
11.3.2 Port Config	193
11.3.3 OUI Config	195
Chapter 12 ACL	197
12.1 Time-Range	197
12.1.1 Time-Range Summary	197
12.1.2 Time-Range Create	198
12.1.3 Holiday Config	199
12.2 ACL Config	199
12.2.1 ACL Summary	199
12.2.2 ACL Create	200
12.2.3 MAC ACL	201
12.2.4 Standard-IP ACL	201
12.2.5 Extend-IP ACL	202
12.2.6 Combined ACL	204
12.3 Policy Config	205
12.3.1 Policy Summary	205
12.3.2 Policy Create	206
12.3.3 Action Create	206
12.4 Policy Binding	208
12.4.1 Binding Table	208
12.4.2 Port Binding	208
12.4.3 VLAN Binding	209
12.5 Application Example for ACL	210
Chapter 13 Network Security	212
13.1 IP-MAC Binding	212
13.1.1 Binding Table	212
13.1.2 Manual Binding	213
13.1.3 ARP Scanning	215
13.2 DHCP Snooping	216
13.2.1 DHCP Snooping	220
13.2.2 Option 82	221
13.3 ARP Inspection	222
13.3.1 ARP Detect	225
13.3.2 ARP Defend	227
13.3.3 ARP Statistics	228
13.4 IP Source Guard	228
13.5 DoS Defend	229
13.5.1 DoS Defend	231
13.5.2 DoS Detect	232
13.6 802.1X	232
13.6.1 Global Config	236
13.6.2 Port Config	238
13.7 AAA	239
13.7.1 Global Config	240
13.7.2 Privilege Elevation	241
13.7.3 RADIUS Server Config	241
13.7.4 TACACS+ Server Config	242
13.7.5 Authentication Server Group Config	243
13.7.6 Authentication Method List Config	244
13.7.7 Application Authentication List Config	245
13.7.8 802.1X Authentication Server Config	246
13.7.9 Default Settings	246
13.8 PPPoE Config	247
Chapter 14 SNMP	250
14.1 SNMP Config	252
14.1.1 Global Config	252
14.1.2 SNMP View	253
14.1.3 SNMP Group	253
14.1.4 SNMP User	255
14.1.5 SNMP Community	257
14.2 Notification	259
14.2.1 Notification Config	259
14.2.2 Traps Config	260
14.3 RMON	263
14.3.1 History Control	264
14.3.2 Event Config	265
14.3.3 Alarm Config	266
Chapter 15 LLDP	268
15.1 Basic Config	271
15.1.1 Global Config	272
15.1.2 Port Config	273
15.2 Device Info	273
15.2.1 Local Info	273
15.2.2 Neighbor Info	274
15.3 Device Statistics	276
15.4 LLDP-MED	277
15.4.1 Global Config	278
15.4.2 Port Config	278
15.4.3 Local Info	281
15.4.4 Neighbor Info	282
Chapter 16 Cluster	284
16.1 NDP	285
16.1.1 Neighbor Info	285
16.1.2 NDP Summary	286
16.1.3 NDP Config	288
16.2 NTDP	289
16.2.1 Device Table	289
16.2.2 NTDP Summary	291
16.2.3 NTDP Config	292
16.3 Cluster	293
16.3.1 Cluster Summary	293
16.3.2 Cluster Config	296
16.3.3 Member Config	298
16.3.4 Cluster Topology	299
Chapter 17 Maintenance	302
17.1 System Monitor	302
17.1.1 CPU Monitor	302
17.1.2 Memory Monitor	303
17.2 Log	303
17.2.1 Log Table	304
17.2.2 Local Log	305
17.2.3 Remote Log	305
17.2.4 Backup Log	306
17.3 Device Diagnostics	307
17.4 Network Diagnostics	308
17.4.1 Ping	308
17.4.2 Tracert	309
Chapter 18 System Maintenance via FTP	310

Match case Limit results 1 per page

209

Figure 13-7 DHCP Cheating Attack Implementation Procedure

DHCP Snooping feature only allows the port connected to the DHCP Server as the trusted port to

forward DHCP packets and thereby ensures that users get proper IP addresses. DHCP Snooping

is to monitor the process of the Host obtaining the IP address from DHCP server, and record the IP

address, MAC address, VLAN and the connected Port number of the Host for automatic binding.

The bound entry can cooperate with the ARP Inspection, IP Source Guard and the other security

protection features. DHCP Snooping feature prevents the network from the DHCP Server

Cheating Attack by discarding the DHCP packets on the distrusted port, so as to enhance the

network security.