Home » ZyXEL Manuals » Networking » ZyXEL ES-3124PWR » Manual Viewer

ZyXEL ES-3124PWR User Guide - Page 211

ARP Inspection VLAN Con

Get ZyXEL ES-3124PWR PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 211 highlights

Chapter 24 IP Source Guard The following table describes the labels in this screen. Table 81 Advanced Application > IP Source Guard > ARP Inspection > Configure > Port LABEL DESCRIPTION Port This field displays the port number. If you configure the * port, the settings are applied to all of the ports. Trusted State Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted). The Switch does not discard ARP packets on trusted ports for any reason. The Switch discards ARP packets on untrusted ports in the following situations: • The sender's information in the ARP packet does not match any of the current bindings. • The rate at which ARP packets arrive is too high. You can specify the maximum rate at which ARP packets can arrive on untrusted ports. Limit These settings have no effect on trusted ports. Rate (pps) Specify the maximum rate (0-2048 packets per second) at which the Switch receives ARP packets from each port. The Switch discards any additional ARP packets. Enter 0 to disable this limit. Burst interval (seconds) The burst interval is the length of time over which the rate of ARP packets is monitored for each port. For example, if the Rate is 15 pps and the burst interval is 1 second, then the Switch accepts a maximum of 15 ARP packets in every one-second interval. If the burst interval is 5 seconds, then the Switch accepts a maximum of 75 ARP packets in every fivesecond interval. Enter the length (1-15 seconds) of the burst interval. Apply Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. 24.7.2 ARP Inspection VLAN Configure Use this screen to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN. Figure 116 Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN ES-3124 Series User's Guide 211

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
Introduction	21
Introducing the Switch	23
1.1 Overview	23
1.1.1 Backbone Application	23
1.1.2 Bridging Example	24
1.1.3 High-performance Switched Example	25
1.1.4 IEEE 802.1Q VLAN Application Examples	25
1.2 Ways to Manage the Switch	26
1.3 Good Habits for Managing the Switch	27
Hardware	29
Hardware Installation and Connection	31
2.1 Freestanding Installation	31
2.2 Mounting the Switch on a Rack	32
2.2.1 Rack-mounted Installation Requirements	32
2.2.2 Attaching the Mounting Brackets to the Switch	32
2.2.3 Mounting the Switch on a Rack	33
Hardware Overview	35
3.1 Panel Connections	35
3.1.1 Console Port	37
3.1.2 Ethernet Ports	37
3.1.3 Transceiver Slots	38
3.2 Rear Panel	39
3.3 Power Connections Overview	40
3.3.1 AC Power Connection	40
3.3.2 DC Power Connection	41
3.3.3 External Backup Power Supply Connector	42
3.3.4 Powering on the Switch	42
3.4 LEDs	42
Web Configurator	45
The Web Configurator	47
4.1 Introduction	47
4.2 System Login	47
4.3 The Status Screen	48
4.3.1 Change Your Password	53
4.4 Saving Your Configuration	53
4.5 Switch Lockout	54
4.6 Resetting the Switch	54
4.6.1 Reload the Configuration File	54
4.7 Logging Out of the Web Configurator	55
4.8 Help	56
Initial Setup Example	57
5.1 Overview	57
5.1.1 Creating a VLAN	57
5.1.2 Setting Port VID	58
5.2 Configuring Switch Management IP Address	59
System Status and Port Statistics	61
6.1 Overview	61
6.2 Port Status Summary	61
6.2.1 Status: Port Details	62
Basic Setting	67
7.1 Overview	67
7.2 System Information	67
7.3 General Setup	69
7.4 Introduction to VLANs	71
7.5 Switch Setup Screen	72
7.6 IP Setup	74
7.6.1 IP Interfaces	74
7.7 Port Setup	76
VLAN	79
8.1 Introduction to IEEE 802.1Q Tagged VLANs	79
8.1.1 Forwarding Tagged and Untagged Frames	79
8.2 Automatic VLAN Registration	80
8.2.1 GARP	80
8.2.2 GVRP	80
8.3 Port VLAN Trunking	81
8.4 Select the VLAN Type	81
8.5 Static VLAN	81
8.5.1 Static VLAN Status	82
8.5.2 Static VLAN Details	82
8.5.3 Configure a Static VLAN	83
8.5.4 Configure VLAN Port Settings	84
8.6 Subnet Based VLANs	86
8.7 Configuring Subnet Based VLAN	87
8.8 Protocol Based VLANs	88
8.9 Configuring Protocol Based VLAN	89
8.10 Create an IP-based VLAN Example	91
8.11 Port-based VLAN Setup	92
8.11.1 Configure a Port-based VLAN	92
Static MAC Forward Setup	97
9.1 Overview	97
9.2 Configuring Static MAC Forwarding	97
Filtering	99
10.1 Configure a Filtering Rule	99
Spanning Tree Protocol	101
11.1 STP/RSTP Overview	101
11.1.1 STP Terminology	101
11.1.2 How STP Works	102
11.1.3 STP Port States	103
11.1.4 Multiple RSTP	103
11.1.5 Multiple STP	104
11.2 Spanning Tree Protocol Status Screen	106
11.3 Spanning Tree Configuration	107
11.4 Configure Rapid Spanning Tree Protocol	108
11.5 Rapid Spanning Tree Protocol Status	109
11.6 Configure Multiple Rapid Spanning Tree Protocol	111
11.7 Multiple Rapid Spanning Tree Protocol Status	112
11.8 Configure Multiple Spanning Tree Protocol	114
11.9 Multiple Spanning Tree Protocol Status	116
Bandwidth Control	119
12.1 Bandwidth Control Overview	119
12.1.1 CIR and PIR	119
12.2 Bandwidth Control Setup	119
Broadcast Storm Control	121
13.1 Broadcast Storm Control Setup	121
Mirroring	123
14.1 Port Mirroring Setup	123
Link Aggregation	125
15.1 Link Aggregation Overview	125
15.2 Dynamic Link Aggregation	125
15.2.1 Link Aggregation ID	126
15.3 Link Aggregation Status	126
15.4 Link Aggregation Setting	127
15.5 Link Aggregation Control Protocol	128
15.6 Static Trunking Example	130
Port Authentication	133
16.1 Port Authentication Overview	133
16.1.1 IEEE 802.1x Authentication	133
16.1.2 MAC Authentication	134
16.2 Port Authentication Configuration	135
16.2.1 Activate IEEE 802.1x Security	135
16.2.2 Activate MAC Authentication	136
Port Security	139
17.1 About Port Security	139
17.2 Port Security Setup	139
Classifier	143
18.1 About the Classifier and QoS	143
18.2 Configuring the Classifier	143
18.3 Viewing and Editing Classifier Configuration	146
18.4 Classifier Example	147
Policy Rule	149
19.1 Policy Rules Overview	149
19.1.1 DiffServ	149
19.1.2 DSCP and Per-Hop Behavior	149
19.2 Configuring Policy Rules	150
19.3 Viewing and Editing Policy Configuration	152
19.4 Policy Example	153
Queuing Method	155
20.1 Queuing Method Overview	155
20.1.1 Strictly Priority	155
20.1.2 Weighted Fair Queuing	155
20.1.3 Weighted Round Robin Scheduling (WRR)	156
20.2 Configuring Queuing	156
VLAN Stacking	159
21.1 VLAN Stacking Overview	159
21.1.1 VLAN Stacking Example	159
21.2 VLAN Stacking Port Roles	160
21.3 VLAN Tag Format	161
21.3.1 Frame Format	161
21.4 Configuring VLAN Stacking	162
Multicast	165
22.1 Multicast Overview	165
22.1.1 IP Multicast Addresses	165
22.1.2 IGMP Filtering	165
22.1.3 IGMP Snooping	165
22.1.4 IGMP Snooping and VLANs	166
22.2 Multicast Status	166
22.3 Multicast Setting	166
22.4 IGMP Snooping VLAN	168
22.5 IGMP Filtering Profile	170
22.6 MVR Overview	171
22.6.1 Types of MVR Ports	171
22.6.2 MVR Modes	172
22.6.3 How MVR Works	172
22.7 General MVR Configuration	172
22.8 MVR Group Configuration	174
22.8.1 MVR Configuration Example	175
Authentication & Accounting	179
23.1 Authentication, Authorization and Accounting	179
23.1.1 Local User Accounts	179
23.1.2 RADIUS and TACACS+	180
23.2 Authentication and Accounting Screens	180
23.2.1 RADIUS Server Setup	180
23.2.2 TACACS+ Server Setup	182
23.2.3 Authentication and Accounting Setup	184
23.2.4 Vendor Specific Attribute	187
23.3 Supported RADIUS Attributes	188
23.3.1 Attributes Used for Authentication	189
23.3.2 Attributes Used for Accounting	189
IP Source Guard	193
24.1 IP Source Guard Overview	193
24.1.1 DHCP Snooping Overview	193
24.1.2 ARP Inspection Overview	195
24.2 IP Source Guard	197
24.3 IP Source Guard Static Binding	197
24.4 DHCP Snooping	199
24.5 DHCP Snooping Configure	202
24.5.1 DHCP Snooping Port Configure	203
24.5.2 DHCP Snooping VLAN Configure	205
24.6 ARP Inspection Status	206
24.6.1 ARP Inspection VLAN Status	206
24.6.2 ARP Inspection Log Status	207
24.7 ARP Inspection Configure	209
24.7.1 ARP Inspection Port Configure	210
24.7.2 ARP Inspection VLAN Configure	211
Loop Guard	213
25.1 Loop Guard Overview	213
25.2 Loop Guard Setup	215
Static Routing	217
26.1 Configuring Static Routing	217
Differentiated Services	219
27.1 DiffServ Overview	219
27.1.1 DSCP and Per-Hop Behavior	219
27.1.2 DiffServ Network Example	220
27.2 Two Rate Three Color Marker Traffic Policing	220
27.2.1 TRTCM - Color-blind Mode	221
27.2.2 TRTCM - Color-aware Mode	221
27.3 Activating DiffServ	222
27.3.1 Configuring 2-Rate 3 Color Marker Settings	222
27.4 DSCP-to-IEEE 802.1p Priority Settings	224
27.4.1 Configuring DSCP Settings	224
DHCP	227
28.1 DHCP Overview	227
28.1.1 DHCP Modes	227
28.1.2 DHCP Configuration Options	227
28.2 DHCP Status	227
28.3 DHCP Relay	228
28.3.1 DHCP Relay Agent Information	228
28.3.2 Configuring DHCP Global Relay	229
28.3.3 Global DHCP Relay Configuration Example	230
28.4 Configuring DHCP VLAN Settings	230
28.4.1 Example: DHCP Relay for Two VLANs	232
Maintenance	233
29.1 The Maintenance Screen	233
29.2 Load Factory Default	234
29.3 Save Configuration	234
29.4 Reboot System	235
29.5 Firmware Upgrade	235
29.6 Restore a Configuration File	236
29.7 Backup a Configuration File	236
29.8 FTP Command Line	237
29.8.1 Filename Conventions	237
29.8.2 FTP Command Line Procedure	237
29.8.3 GUI-based FTP Clients	238
29.8.4 FTP Restrictions	238
Access Control	239
30.1 Access Control Overview	239
30.2 The Access Control Main Screen	239
30.3 About SNMP	240
30.3.1 SNMP v3 and Security	241
30.3.2 Supported MIBs	241
30.3.3 SNMP Traps	241
30.3.4 Configuring SNMP	247
30.3.5 Configuring SNMP Trap Group	249
30.3.6 Setting Up Login Accounts	250
30.4 SSH Overview	252
30.5 How SSH works	252
30.6 SSH Implementation on the Switch	253
30.6.1 Requirements for Using SSH	253
30.7 Introduction to HTTPS	253
30.8 HTTPS Example	254
30.8.1 Internet Explorer Warning Messages	254
30.8.2 Netscape Navigator Warning Messages	255
30.8.3 The Main Screen	255
30.9 Service Port Access Control	256
30.10 Remote Management	257
Diagnostic	259
31.1 Diagnostic	259
Syslog	261
32.1 Syslog Overview	261
32.2 Syslog Setup	261
32.3 Syslog Server Setup	262
Cluster Management	265
33.1 Clustering Management Status Overview	265
33.2 Cluster Management Status	266
33.2.1 Cluster Member Switch Management	267
33.3 Clustering Management Configuration	268
MAC Table	271
34.1 MAC Table Overview	271
34.2 Viewing the MAC Table	272
ARP Table	273
35.1 ARP Table Overview	273
35.1.1 How ARP Works	273
35.2 Viewing the ARP Table	273
Configure Clone	275
36.1 Configure Clone	275
Troubleshooting and Specifications	277
Troubleshooting	279
37.1 Power, Hardware Connections, and LEDs	279
37.2 Switch Access and Login	280
Product Specifications	283
38.1 General Switch Specifications	283
38.2 Cable Pin Assignments	288
Appendices and Index	291
Setting up Your Computer’s IP Address	293
Pop-up Windows, JavaScripts and Java Permissions	315
IP Addresses and Subnetting	323
Common Services	333
Importing Certificates	337
Legal Information	343

Match case Limit results 1 per page

Chapter 24 IP Source Guard

ES-3124 Series User’s Guide

211

The following table describes the labels in this screen.

24.7.2

ARP Inspection VLAN Configure

Use this screen to enable ARP inspection on each VLAN and to specify when the Switch

generates log messages for receiving ARP packets from each VLAN. To open this screen,

click

Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN

Figure 116

Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN

Table 81

Advanced Application > IP Source Guard > ARP Inspection > Configure > Port

LABEL

DESCRIPTION

Port

This field displays the port number. If you configure the

port, the settings

are applied to all of the ports.

Trusted State

Select whether this port is a trusted port (

Trusted

) or an untrusted port

(

Untrusted

The Switch does not discard ARP packets on trusted ports for any reason.

The Switch discards ARP packets on untrusted ports in the following

situations:

•

The sender’s information in the ARP packet does not match any of the

current bindings.

•

The rate at which ARP packets arrive is too high. You can specify the

maximum rate at which ARP packets can arrive on untrusted ports.

Limit

These settings have no effect on trusted ports.

Rate (pps)

Specify the maximum rate (0-2048 packets per second) at which the

Switch receives ARP packets from each port. The Switch discards any

additional ARP packets. Enter 0 to disable this limit.

Burst interval

(seconds)

The burst interval is the length of time over which the rate of ARP packets

is monitored for each port. For example, if the Rate is 15 pps and the burst

interval is 1 second, then the Switch accepts a maximum of 15 ARP

packets in every one-second interval. If the burst interval is 5 seconds,

then the Switch accepts a maximum of 75 ARP packets in every five-

second interval.

Enter the length (1-15 seconds) of the burst interval.

Apply

Click

Apply

to save your changes to the Switch’s run-time memory. The

Switch loses these changes if it is turned off or loses power, so use the

Save

link on the top navigation panel to save your changes to the non-

volatile memory when you are done configuring.

Cancel

Click this to reset the values in this screen to their last-saved values.