Home » TP-Link Manuals » Hubs & Switches » TP-Link TL-SG2424P » Manual Viewer

TP-Link TL-SG2424P TL-SG2424P V1 User Guide 1910010774 - Page 60

DHCP-ACK Stage, DHCP Cheating Attack, Switching, DHCP Filtering - user manual

Add to My Manuals
Save this manual to your list of manuals

Page 60 highlights

packet and broadcast the DHCP-REQUEST packet which includes the assigned IP address of the DHCP-OFFER packet. （4） DHCP-ACK Stage: Since the DHCP-REQUEST packet is broadcasted, all DHCP servers on the network segment can receive it. However, only the requested server processes the request. If the DHCP server acknowledges assigning this IP address to the client, it will send the DHCP-ACK packet back to the client. Otherwise, the Server will send the DHCP-NAK packet to refuse assigning this IP address to the client.  DHCP Cheating Attack During the working process of DHCP, generally there is no authentication mechanism between Server and Client. If there are several DHCP servers in the network, network confusion and security problem will happen. The common cases incurring the illegal DHCP servers are the following two: （1） It's common that the illegal DHCP server is manually configured by the user by mistake. （2） Hacker exhausted the IP addresses of the normal DHCP server and then pretended to be a legal DHCP server to assign the IP addresses and the other parameters to Clients. For example, hacker used the pretended DHCP server to assign a modified DNS server address to users so as to induce the users to the evil financial website or electronic trading website and cheat the users of their accounts and passwords. The following figure illustrates the DHCP Cheating Attack implementation procedure. Figure 5-18 DHCP Cheating Attack Implementation Procedure DHCP Filtering feature allows only the trusted ports to forward DHCP packets and thereby ensures that users get proper IP addresses. DHCP Filtering is to monitor the process of hosts obtaining the IP addresses from DHCP servers, and record the IP address, MAC address, VLAN and the connected Port number of the Host for automatic binding. DHCP Filtering feature prevents the network from the DHCP Server Cheating Attack by discarding the DHCP packets on the distrusted port, so as to enhance the network security. Choose the menu Switching → DHCP Filtering to load the following page. 52

Section	Page
Package Contents	9
Chapter 1 About this Guide	10
1.1 Intended Readers	10
1.2 Conventions	10
1.3 Overview of This Guide	10
Chapter 2 Introduction	13
2.1 Overview of the Switch	13
2.2 Main Features	13
2.3 Appearance Description	14
2.3.1 Front Panel	14
2.3.2 Rear Panel	15
Chapter 3 Login to the Switch	16
3.1 Login	16
3.2 Configuration	16
Chapter 4 System	18
4.1 System Info	18
4.1.1 System Summary	18
4.1.2 Device Description	20
4.1.3 System Time	20
4.1.4 Daylight Saving Time	21
4.1.5 System IP	23
4.2 User Management	24
4.2.1 User Table	24
4.2.2 User Config	24
4.3 System Tools	26
4.3.1 Config Restore	26
4.3.2 Config Backup	26
4.3.3 Firmware Upgrade	27
4.3.4 System Reboot	28
4.3.5 System Reset	28
4.4 Access Security	28
4.4.1 Access Control	29
4.4.2 SSL Config	30
4.4.3 SSH Config	31
Chapter 5 Switching	37
5.1 Port	37
5.1.1 Port Config	37
5.1.2 Port Mirror	38
5.1.3 Port Security	40
5.1.4 Port Isolation	42
5.1.5 Loopback Detection	43
5.2 LAG	44
5.2.1 LAG Table	45
5.2.2 Static LAG	46
5.2.3 LACP Config	47
5.3 Traffic Monitor	49
5.3.1 Traffic Summary	49
5.3.2 Traffic Statistics	50
5.4 MAC Address	52
5.4.1 Address Table	53
5.4.2 Static Address	54
5.4.3 Dynamic Address	55
5.4.4 Filtering Address	57
5.5 DHCP Filtering	58
Chapter 6 VLAN	62
6.1 802.1Q VLAN	63
6.1.1 VLAN Config	65
6.1.2 Port Config	67
6.2 Application Example for 802.1Q VLAN	69
Chapter 7 Spanning Tree	71
7.1 STP Config	76
7.1.1 STP Config	76
7.1.2 STP Summary	78
7.2 Port Config	78
7.3 MSTP Instance	80
7.3.1 Region Config	80
7.3.2 Instance Config	81
7.3.3 Instance Port Config	82
7.4 STP Security	84
7.4.1 Port Protect	84
7.4.2 TC Protect	87
7.5 Application Example for STP Function	87
Chapter 8 Multicast	91
8.1 IGMP Snooping	93
8.1.1 Snooping Config	94
8.1.2 Port Config	95
8.1.3 VLAN Config	96
8.1.4 Multicast VLAN	98
8.2 Multicast IP	101
8.2.1 Multicast IP Table	101
8.2.2 Static Multicast IP	102
8.3 Multicast Filter	103
8.3.1 IP-Range	103
8.3.2 Port Filter	104
8.4 Packet Statistics	106
Chapter 9 QoS	108
9.1 DiffServ	111
9.1.1 Port Priority	111
9.1.2 DSCP Priority	112
9.1.3 802.1P/CoS mapping	113
9.1.4 Schedule Mode	114
9.2 Bandwidth Control	115
9.2.1 Rate Limit	115
9.2.2 Storm Control	116
9.3 Voice VLAN	118
9.3.1 Global Config	120
9.3.2 Port Config	120
9.3.3 OUI Config	122
Chapter 10 PoE	124
10.1 PoE Config	124
10.1.1 PoE Config	125
10.1.2 PoE Profile	126
10.2 PoE Time-Range	127
10.2.1 Time-Range Summary	127
10.2.2 PoE Time-Range Create	128
10.2.3 PoE Holiday Config	129
Chapter 11 SNMP	130
11.1 SNMP Config	132
11.1.1 Global Config	132
11.1.2 SNMP View	133
11.1.3 SNMP Group	134
11.1.4 SNMP User	135
11.1.5 SNMP Community	137
11.2 Notification	139
11.3 RMON	141
11.3.1 History Control	142
11.3.2 Event Config	142
11.3.3 Alarm Config	143
Chapter 12 LLDP	146
12.1 Basic Config	150
12.1.1 Global Config	150
12.1.2 Port Config	151
12.2 Device Info	152
12.2.1 Local Info	152
12.2.2 Neighbor Info	153
12.3 Device Statistics	153
12.4 LLDP-MED	155
12.4.1 Global Config	156
12.4.2 Port Config	156
12.4.3 Local Info	158
12.4.4 Neighbor Info	159
Chapter 13 Maintenance	161
13.1 System Monitor	161
13.1.1 CPU Monitor	161
13.1.2 Memory Monitor	162
13.2 Log	162
13.2.1 Log Table	163
13.2.2 Local Log	164
13.2.3 Remote Log	165
13.2.4 Backup Log	165
13.3 Device Diagnostics	166
13.3.1 Cable Test	166
13.3.2 Loopback	167
13.4 Network Diagnostics	168
13.4.1 Ping	168
13.4.2 Tracert	168
Appendix A: Specifications	170
Appendix B: Configuring the PCs	171

Match case Limit results 1 per page

packet and broadcast the DHCP-REQUEST packet which includes the assigned IP

address of the DHCP-OFFER packet.

（

）

DHCP-ACK Stage:

Since the DHCP-REQUEST packet is broadcasted, all DHCP servers

on the network segment can receive it. However, only the requested server processes the

request. If the DHCP server acknowledges assigning this IP address to the client, it will

send the DHCP-ACK packet back to the client. Otherwise, the Server will send the

DHCP-NAK packet to refuse assigning this IP address to the client.



DHCP Cheating Attack

During the working process of DHCP, generally there is no authentication mechanism between

Server and Client. If there are several DHCP servers in the network, network confusion and

security problem will happen. The common cases incurring the illegal DHCP servers are the

following two:

（

）

It’s common that the illegal DHCP server is manually configured by the user by mistake.

（

）

Hacker exhausted the IP addresses of the normal DHCP server and then pretended to be

a legal DHCP server to assign the IP addresses and the other parameters to Clients. For

example, hacker used the pretended DHCP server to assign a modified DNS server

address to users so as to induce the users to the evil financial website or electronic trading

website and cheat the users of their accounts and passwords. The following figure

illustrates the DHCP Cheating Attack implementation procedure.

Figure 5-18 DHCP Cheating Attack Implementation Procedure

DHCP Filtering feature allows only the trusted ports to forward DHCP packets and thereby

ensures that users get proper IP addresses. DHCP Filtering is to monitor the process of hosts

obtaining the IP addresses from DHCP servers, and record the IP address, MAC address, VLAN

and the connected Port number of the Host for automatic binding. DHCP Filtering feature prevents

the network from the DHCP Server Cheating Attack by discarding the DHCP packets on the

distrusted port, so as to enhance the network security.

Choose the menu

Switching

→

DHCP Filtering

to load the following page.