Home » TP-Link Manuals » Hubs & Switches » TP-Link T2500-28TCTL-SL5428E » Manual Viewer

TP-Link T2500-28TCTL-SL5428E T2500-28TCUN V1 User Guide - Page 225

ARP Detect, ARP Flooding Attack, ARP Inspection, ARP Detect, Statistics

View all TP-Link T2500-28TCTL-SL5428E manuals

Add to My Manuals
Save this manual to your list of manuals

Page 225 highlights

Suppose there are three Hosts in LAN connected with one another through a switch. Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11. Host B: IP address is 192.168.0.102; MAC address is 00-00-00-22-22-22. Attacker: IP address is 192.168.0.103; MAC address is 00-00-00-33-33-33. 1. First, the attacker sends the false ARP response packets. 2. Upon receiving the ARP response packets, Host A and Host B updates the ARP table of their own. 3. When Host A communicates with Host B, it will send the packets to the false destination MAC address, i.e. to the attacker, according to the updated ARP table. 4. After receiving the communication packets between Host A and Host B, the attacker processes and forwards the packets to the correct destination MAC address, which makes Host A and Host B keep a normal-appearing communication. 5. The attacker continuously sends the false ARP packets to the Host A and Host B so as to make the Hosts always maintain the wrong ARP table. In the view of Host A and Host B, their packets are directly sent to each other. But in fact, there is a Man-In-The-Middle stolen the packets information during the communication procedure. This kind of ARP attack is called Man-In-The-Middle attack.  ARP Flooding Attack The attacker broadcasts a mass of various fake ARP packets in a network segment to occupy the network bandwidth viciously, which results in a dramatic slowdown of network speed. Meantime, the Gateway learns the false IP address-to-MAC address mapping entries from these ARP packets and updates its ARP table. As a result, the ARP table is fully occupied by the false entries and unable to learn the ARP entries of legal Hosts, which causes that the legal Hosts cannot access the external network. The IP-MAC Binding function allows the switch to bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together when the Host connects to the switch. Basing on the predefined IP-MAC Binding entries, the ARP Inspection functions to detect the ARP packets and filter the illegal ARP packet so as to prevent the network from ARP attacks. The ARP Inspection function is implemented on the ARP Detect, ARP Defend and ARP Statistics pages. 13.3.1 ARP Detect ARP Detect feature enables the switch to detect the ARP packets basing on the bound entries in the IP-MAC Binding Table and filter the illegal ARP packets, so as to prevent the network from ARP attacks, such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc. 215

Section	Page
Package Contents	11
Chapter 1 About This Guide	12
1.1 Intended Readers	12
1.2 Conventions	12
1.3 Overview of This Guide	13
Chapter 2 Introduction	17
2.1 Overview of the Switch	17
2.2 Appearance Description	17
2.2.1 Front Panel	17
2.2.2 Rear Panel	18
Chapter 3 Login to the Switch	19
3.1 Login	19
3.2 Configuration	19
Chapter 4 System	21
4.1 System Info	21
4.1.1 System Summary	21
4.1.2 Device Description	23
4.1.3 System Time	23
4.1.4 Daylight Saving Time	24
4.1.5 System IP	26
4.1.6 System IPv6	27
4.2 User Management	35
4.2.1 User Table	35
4.2.2 User Config	35
4.3 System Tools	36
4.3.1 Config Restore	37
4.3.2 Config Backup	37
4.3.3 Firmware Upgrade	38
4.3.4 System Reboot	38
4.3.5 System Reset	39
4.4 Access Security	39
4.4.1 Access Control	39
4.4.2 SSL Config	41
4.4.3 SSH Config	42
Chapter 5 Switching	49
5.1 Port	49
5.1.1 Port Config	49
5.1.2 Port Mirror	50
5.1.3 Port Security	51
5.1.4 Port Isolation	53
5.1.5 Loopback detection	54
5.2 DDM	55
5.2.1 DDM Config	55
5.2.2 Temperature Threshold	56
5.2.3 Voltage Threshold	57
5.2.4 Bias Current Threshold	58
5.2.5 Tx Power Threshold	58
5.2.6 Rx Power Threshold	59
5.2.7 DDM Status	60
5.3 LAG	61
5.3.1 LAG Table	61
5.3.2 Static LAG	63
5.3.3 LACP Config	64
5.4 Traffic Monitor	66
5.4.1 Traffic Summary	66
5.4.2 Traffic Statistics	67
5.5 MAC Address	68
5.5.1 Address Table	69
5.5.2 Static Address	70
5.5.3 Dynamic Address	71
5.5.4 Filtering Address	73
Chapter 6 VLAN	75
6.1 802.1Q VLAN	76
6.1.1 VLAN Config	77
6.1.2 Port Config	79
6.2 MAC VLAN	81
6.2.1 MAC VLAN	82
6.2.2 Port Enable	83
6.3 Protocol VLAN	83
6.3.1 Protocol VLAN	84
6.3.2 Protocol Template	85
6.3.3 Port Enable	86
6.4 Application Example for 802.1Q VLAN	86
6.5 Application Example for MAC VLAN	88
6.6 Application Example for Protocol VLAN	89
6.7 VLAN VPN	91
6.7.1 VPN Config	92
6.7.2 VLAN Mapping	92
6.7.3 Port Enable	93
6.8 Private VLAN	95
6.8.1 PVLAN Config	98
6.8.2 Port Config	99
6.9 GVRP	101
6.10 Application Example for Private VLAN	104
Chapter 7 Spanning Tree	107
7.1 STP Config	111
7.1.1 STP Config	111
7.1.2 STP Summary	113
7.2 Port Config	114
7.3 MSTP Instance	115
7.3.1 Region Config	115
7.3.2 Instance Config	116
7.3.3 Instance Port Config	117
7.4 STP Security	119
7.4.1 Port Protect	119
7.4.2 TC Protect	121
7.5 Application Example for STP Function	122
Chapter 8 Ethernet OAM	126
8.1 Basic Config	129
8.1.1 Basic Config	129
8.1.2 Discovery Info	131
8.2 Link Monitoring	133
8.3 RFI	134
8.4 Remote Loopback	135
8.5 Statistics	136
8.5.1 Statistics	136
8.5.2 Event Log	137
8.6 DLDP	138
8.7 Application Example for DLDP	141
Chapter 9 DHCP	144
9.1 DHCP Relay	148
Chapter 10 Multicast	152
10.1 IGMP Snooping	156
10.1.1 Snooping Config	157
10.1.2 VLAN Config	158
10.1.3 Port Config	159
10.1.4 IP-Range	161
10.1.5 Multicast VLAN	162
10.1.6 Static Multicast IP	165
10.1.7 Packet Statistics	166
10.1.8 Querier Config	167
10.1.9 IGMP Authentication	168
10.2 MLD Snooping	169
10.2.1 Global Config	171
10.2.2 VLAN Config	172
10.2.3 Filter Config	174
10.2.4 Port Config	174
10.2.5 Static Multicast	175
10.2.6 Querier Config	176
10.2.7 Packet Statistics	177
10.3 Multicast Table	178
10.3.1 IPv4 Multicast Table	179
10.3.2 IPv6 Multicast Table	179
Chapter 11 QoS	181
11.1 DiffServ	184
11.1.1 Port Priority	184
11.1.2 DSCP Priority	185
11.1.3 802.1P/CoS Mapping	186
11.1.4 Schedule Mode	187
11.2 Bandwidth Control	188
11.2.1 Rate Limit	188
11.2.2 Storm Control	189
11.3 Voice VLAN	191
11.3.1 Global Config	193
11.3.2 Port Config	193
11.3.3 OUI Config	195
Chapter 12 ACL	197
12.1 Time-Range	197
12.1.1 Time-Range Summary	197
12.1.2 Time-Range Create	198
12.1.3 Holiday Config	199
12.2 ACL Config	199
12.2.1 ACL Summary	199
12.2.2 ACL Create	200
12.2.3 MAC ACL	201
12.2.4 Standard-IP ACL	201
12.2.5 Extend-IP ACL	202
12.2.6 Combined ACL	204
12.3 Policy Config	205
12.3.1 Policy Summary	205
12.3.2 Policy Create	206
12.3.3 Action Create	206
12.4 Policy Binding	208
12.4.1 Binding Table	208
12.4.2 Port Binding	208
12.4.3 VLAN Binding	209
12.5 Application Example for ACL	210
Chapter 13 Network Security	212
13.1 IP-MAC Binding	212
13.1.1 Binding Table	212
13.1.2 Manual Binding	213
13.1.3 ARP Scanning	215
13.2 DHCP Snooping	216
13.2.1 DHCP Snooping	220
13.2.2 Option 82	221
13.3 ARP Inspection	222
13.3.1 ARP Detect	225
13.3.2 ARP Defend	227
13.3.3 ARP Statistics	228
13.4 IP Source Guard	228
13.5 DoS Defend	229
13.5.1 DoS Defend	231
13.5.2 DoS Detect	232
13.6 802.1X	232
13.6.1 Global Config	236
13.6.2 Port Config	238
13.7 AAA	239
13.7.1 Global Config	240
13.7.2 Privilege Elevation	241
13.7.3 RADIUS Server Config	241
13.7.4 TACACS+ Server Config	242
13.7.5 Authentication Server Group Config	243
13.7.6 Authentication Method List Config	244
13.7.7 Application Authentication List Config	245
13.7.8 802.1X Authentication Server Config	246
13.7.9 Default Settings	246
13.8 PPPoE Config	247
Chapter 14 SNMP	250
14.1 SNMP Config	252
14.1.1 Global Config	252
14.1.2 SNMP View	253
14.1.3 SNMP Group	253
14.1.4 SNMP User	255
14.1.5 SNMP Community	257
14.2 Notification	259
14.2.1 Notification Config	259
14.2.2 Traps Config	260
14.3 RMON	263
14.3.1 History Control	264
14.3.2 Event Config	265
14.3.3 Alarm Config	266
Chapter 15 LLDP	268
15.1 Basic Config	271
15.1.1 Global Config	272
15.1.2 Port Config	273
15.2 Device Info	273
15.2.1 Local Info	273
15.2.2 Neighbor Info	274
15.3 Device Statistics	276
15.4 LLDP-MED	277
15.4.1 Global Config	278
15.4.2 Port Config	278
15.4.3 Local Info	281
15.4.4 Neighbor Info	282
Chapter 16 Cluster	284
16.1 NDP	285
16.1.1 Neighbor Info	285
16.1.2 NDP Summary	286
16.1.3 NDP Config	288
16.2 NTDP	289
16.2.1 Device Table	289
16.2.2 NTDP Summary	291
16.2.3 NTDP Config	292
16.3 Cluster	293
16.3.1 Cluster Summary	293
16.3.2 Cluster Config	296
16.3.3 Member Config	298
16.3.4 Cluster Topology	299
Chapter 17 Maintenance	302
17.1 System Monitor	302
17.1.1 CPU Monitor	302
17.1.2 Memory Monitor	303
17.2 Log	303
17.2.1 Log Table	304
17.2.2 Local Log	305
17.2.3 Remote Log	305
17.2.4 Backup Log	306
17.3 Device Diagnostics	307
17.4 Network Diagnostics	308
17.4.1 Ping	308
17.4.2 Tracert	309
Chapter 18 System Maintenance via FTP	310

Match case Limit results 1 per page

215

Suppose there are three Hosts in LAN connected with one another through a switch.

Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11.

Host B: IP address is 192.168.0.102; MAC address is 00-00-00-22-22-22.

Attacker: IP address is 192.168.0.103; MAC address is 00-00-00-33-33-33.

First, the attacker sends the false ARP response packets.

Upon receiving the ARP response packets, Host A and Host B updates the ARP table of their

own.

When Host A communicates with Host B, it will send the packets to the false destination MAC

address, i.e. to the attacker, according to the updated ARP table.

After receiving the communication packets between Host A and Host B, the attacker

processes and forwards the packets to the correct destination MAC address, which makes

Host A and Host B keep a normal-appearing communication.

The attacker continuously sends the false ARP packets to the Host A and Host B so as to

make the Hosts always maintain the wrong ARP table.

In the view of Host A and Host B, their packets are directly sent to each other. But in fact, there is a

Man-In-The-Middle stolen the packets information during the communication procedure. This kind

of ARP attack is called Man-In-The-Middle attack.



ARP Flooding Attack

The attacker broadcasts a mass of various fake ARP packets in a network segment to occupy the

network bandwidth viciously, which results in a dramatic slowdown of network speed. Meantime,

the Gateway learns the false IP address-to-MAC address mapping entries from these ARP

packets and updates its ARP table. As a result, the ARP table is fully occupied by the false entries

and unable to learn the ARP entries of legal Hosts, which causes that the legal Hosts cannot

access the external network.

The IP-MAC Binding function allows the switch to bind the IP address, MAC address, VLAN ID

and the connected Port number of the Host together when the Host connects to the switch. Basing

on the predefined IP-MAC Binding entries, the ARP Inspection functions to detect the ARP packets

and filter the illegal ARP packet so as to prevent the network from ARP attacks.

The

ARP Inspection

function is implemented on the

ARP Detect

ARP Defend

and

ARP

Statistics

pages.

13.3.1 ARP Detect

ARP Detect feature enables the switch to detect the ARP packets basing on the bound entries in

the IP-MAC Binding Table and filter the illegal ARP packets, so as to prevent the network from

ARP attacks, such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc.