Home » TP-Link Manuals » Hubs & Switches » TP-Link TL-SG5412F » Manual Viewer

TP-Link TL-SG5412F TL-SG5412F V1 User Guide - Page 161

Network Security, IP-MAC Binding, DHCP Snooping

Add to My Manuals
Save this manual to your list of manuals

Page 161 highlights

Figure 11-7 DHCP Cheating Attack Implementation Procedure DHCP Snooping feature only allows the port connected to the DHCP Server as the trusted port to forward DHCP packets and thereby ensures that users get proper IP addresses. DHCP Snooping is to monitor the process of the Host obtaining the IP address from DHCP server, and record the IP address, MAC address, VLAN and the connected Port number of the Host for automatic binding. The bound entry can cooperate with the ARP Inspection, IP Source Guard and the other security protection features. DHCP Snooping feature prevents the network from the DHCP Server Cheating Attack by discarding the DHCP packets on the distrusted port, so as to enhance the network security. Choose the menu Network Security→IP-MAC Binding→DHCP Snooping to load the following page. 152

Section	Page
1.1 Intended Readers	11
1.2 Conventions	11
1.3 Overview of This Guide	11
2.1 Overview of the Switch	16
2.2 Main Features	16
2.3 Appearance Description	17
2.3.1 Front Panel	17
2.3.2 Rear Panel	18
3.1 Login	19
3.2 Configuration	19
4.1 System Info	21
4.1.1 System Summary	21
4.1.2 Device Description	23
4.1.3 System Time	23
4.1.4 System IP	25
4.2 User Manage	26
4.2.1 User Table	26
4.2.2 User Config	27
4.3 System Tools	28
4.3.1 Config Restore	28
4.3.2 Config Backup	29
4.3.3 Firmware Upgrade	29
4.3.4 System Reboot	30
4.3.5 System Reset	30
4.4 Access Security	31
4.4.1 Access Control	31
4.4.2 SSL Config	32
4.4.3 SSH Config	33
5.1 Port	39
5.1.1 Port Config	39
5.1.2 Port Mirror	40
5.1.3 Port Security	42
5.1.4 Port Isolation	44
5.2 LAG	45
5.2.1 LAG Table	45
5.2.2 Static LAG	47
5.2.3 LACP Config	48
5.3 Traffic Monitor	50
5.3.1 Traffic Summary	50
5.3.2 Traffic Statistics	51
5.4 MAC Address	53
5.4.1 Address Table	53
5.4.2 Static Address	55
5.4.3 Dynamic Address	56
5.4.4 Filtering Address	58
6.1 802.1Q VLAN	61
6.1.1 VLAN Config	62
6.1.2 Port Config	65
6.2 Protocol VLAN	67
6.2.1 Protocol VLAN	67
6.2.2 Protocol Template	68
6.2.3 Port Enable	69
6.3 Application Example for 802.1Q VLAN	70
6.4 Application Example for Protocol VLAN	71
6.5 VLAN VPN	73
6.5.1 VPN Config	74
6.5.2 Port Enable	74
6.6 GVRP	75
6.7 Private VLAN	78
6.7.1 PVLAN	82
6.7.2 Port Config	83
6.8 Application Example for Private VLAN	84
7.1 STP Config	92
7.1.1 STP Config	92
7.1.2 STP Summary	93
7.2 Port Config	94
7.3 MSTP Instance	96
7.3.1 Region Config	97
7.3.2 Instance Config	97
7.3.3 Instance Port Config	98
7.4 STP Security	100
7.4.1 Port Protect	100
7.4.2 TC Protect	103
7.5 Application Example for STP Function	103
8.1 IGMP Snooping	109
8.1.1 Snooping Config	110
8.1.2 Port Config	111
8.1.3 VLAN Config	113
8.1.4 Multicast VLAN	114
8.2 Multicast IP	118
8.2.1 Multicast IP Table	118
8.2.2 Static Multicast IP	119
8.3 Multicast Filter	120
8.3.1 IP-Range	120
8.3.2 Port Filter	121
8.4 Packet Statistics	122
9.1 DiffServ	126
9.1.1 Port Priority	126
9.1.2 Schedule Mode	127
9.1.3 802.1P Priority	128
9.1.4 DSCP Priority	129
9.2 Bandwidth Control	131
9.2.1 Rate Limit	131
9.2.2 Storm Control	132
9.3 Voice VLAN	134
9.3.1 Global Config	136
9.3.2 Port Config	136
9.3.3 OUI Config	138
10.1 Time-Range	140
10.1.1 Time-Range Summary	140
10.1.2 Time-Range Create	141
10.1.3 Holiday Config	142
10.2 ACL Config	142
10.2.1 ACL Summary	143
10.2.2 ACL Create	143
10.2.3 MAC ACL	144
10.2.4 Standard-IP ACL	145
10.2.5 Extend-IP ACL	145
10.3 Policy Config	147
10.3.1 Policy Summary	147
10.3.2 Policy Create	147
10.3.3 Action Create	148
10.4 Policy Binding	149
10.4.1 Binding Table	149
10.4.2 Port Binding	150
10.4.3 VLAN Binding	150
11.1 IP-MAC Binding	154
11.1.1 Binding Table	154
11.1.2 Manual Binding	155
11.1.3 ARP Scanning	157
11.1.4 DHCP Snooping	158
11.2 ARP Inspection	164
11.2.1 ARP Detect	167
11.2.2 ARP Defend	168
11.2.3 ARP Statistics	169
11.3 IP Source Guard	170
11.4 DoS Defend	171
11.5 802.1X	172
11.5.1 Global Config	176
11.5.2 Port Config	178
11.5.3 Radius Server	179
12.1 SNMP Config	183
12.1.1 Global Config	183
12.1.2 SNMP View	184
12.1.3 SNMP Group	185
12.1.4 SNMP User	186
12.1.5 SNMP Community	188
12.2 Notification	190
12.3 RMON	192
12.3.1 History Control	192
12.3.2 Event Config	193
12.3.3 Alarm Config	194
13.1 Basic Config	200
13.1.1 Global Config	200
13.1.2 Port Config	202
13.2 Device Info	202
13.2.1 Local Info	203
13.2.2 Neighbor Info	203
13.2.3 Device Statistics	204
14.1 NDP	208
14.1.1 Neighbor Info	208
14.1.2 NDP Summary	209
14.1.3 NDP Config	210
14.2 NTDP	211
14.2.1 Device Table	211
14.2.2 NTDP Summary	213
14.2.3 NTDP Config	215
14.3 Cluster	216
14.3.1 Cluster Summary	216
14.3.2 Cluster Config	219
14.3.3 Member Config	221
14.3.4 Cluster Topology	222
14.4 Application Example for Cluster Function	224
15.1 System Monitor	227
15.1.1 CPU Monitor	227
15.1.2 Memory Monitor	228
15.2 Log	229
15.2.1 Log Table	230
15.2.2 Local Log	231
15.2.3 Remote Log	231
15.2.4 Backup Log	232
15.3 Device Diagnose	233
15.3.1 Cable Test	233
15.3.2 Loopback	234
15.4 Network Diagnose	235
15.4.1 Ping	235

Match case Limit results 1 per page

Figure 11-7 DHCP Cheating Attack Implementation Procedure

DHCP Snooping feature only allows the port connected to the DHCP Server as the trusted port to

forward DHCP packets and thereby ensures that users get proper IP addresses. DHCP Snooping

is to monitor the process of the Host obtaining the IP address from DHCP server, and record the IP

address, MAC address, VLAN and the connected Port number of the Host for automatic binding.

The bound entry can cooperate with the ARP Inspection, IP Source Guard and the other security

protection features. DHCP Snooping feature prevents the network from the DHCP Server

Cheating Attack by discarding the DHCP packets on the distrusted port, so as to enhance the

network security.

Choose the menu

Network Security

→

IP-MAC Binding

→

DHCP Snooping

to load the following

page.

152