Home » ZyXEL Manuals » Networking » ZyXEL GS2200-8 » Manual Viewer

ZyXEL GS2200-8 User Guide - Page 208

ARP Inspection Port Con

Get ZyXEL GS2200-8 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 208 highlights

Chapter 25 IP Source Guard The following table describes the labels in this screen. Table 76 ARP Inspection Configure LABEL Active Filter Aging Time Filter aging time DESCRIPTION Select this to enable ARP inspection on the Switch. You still have to enable ARP inspection on specific VLAN and specify trusted ports. This setting has no effect on existing MAC address filters. Log Profile Log buffer size Enter how long (1~2147483647 seconds) the MAC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet. The Switch automatically deletes the MAC address filter afterwards. Enter 0 if you want the MAC address filter to be permanent. Enter the maximum number (1~1024) of log messages that were generated by ARP packets and have not been sent to the syslog server yet. Make sure this number is appropriate for the specified Syslog rate and Log interval. Syslog rate If the number of log messages in the Switch exceeds this number, the Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer. Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter. See Section 25.8 on page 206. Enter the maximum number of syslog messages the Switch can send to the syslog server in one batch. This number is expressed as a rate because the batch frequency is determined by the Log Interval. You must configure the syslog server (Chapter 37 on page 287) to use this. Enter 0 if you do not want the Switch to send log messages generated by ARP packets to the syslog server. The relationship between Syslog rate and Log interval is illustrated in the following examples: Log interval Apply Cancel • 4 invalid ARP packets per second, Syslog rate is 5, Log interval is 1: the Switch sends 4 syslog messages every second. • 6 invalid ARP packets per second, Syslog rate is 5, Log interval is 2: the Switch sends 5 syslog messages every 2 seconds. Enter how often (1-86400 seconds) the Switch sends a batch of syslog messages to the syslog server. Enter 0 if you want the Switch to send syslog messages immediately. See Syslog rate for an example of the relationship between Syslog rate and Log interval. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click this to reset the values in this screen to their last-saved values. 25.9.1 ARP Inspection Port Configure Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. You can also specify the maximum rate at which the Switch receives ARP packets on each untrusted port. To 208 GS2200-8/24 User's Guide

Section	Page
GS2200-8/24 Series	1
About This User's Guide	3
Document Conventions	6
Safety Warnings	8
Contents Overview	9
Table of Contents	11
User’s Guide	21
Getting to Know Your Switch	23
1.1 Introduction	23
1.1.1 Backbone Application	23
1.1.2 Bridging Example	24
1.1.3 High Performance Switching Example	24
1.1.4 IEEE 802.1Q VLAN Application Examples	25
1.2 Ways to Manage the Switch	26
1.3 Good Habits for Managing the Switch	26
Hardware Installation and Connection	27
2.1 Installation Scenarios	27
2.2 Desktop Installation Procedure	27
2.3 Mounting the Switch on a Rack	27
2.3.1 Rack-mounted Installation Requirements	27
2.3.2 Attaching the Mounting Brackets to the Switch	28
2.3.3 Mounting the Switch on a Rack	29
2.4 Wall Mounting (for GS2200-8 only)	29
Hardware Panels	31
3.1 Overview	31
3.2 Front Panels	31
3.2.1 Console Port	33
3.2.2 Gigabit Ethernet Ports	33
3.2.3 Mini-GBIC Slots	34
3.2.4 Power Connector	35
3.3 LEDs	36
Technical Reference	37
The Web Configurator	39
4.1 Overview	39
4.2 System Login	39
4.3 The Status Screen	40
4.3.1 Change Your Password	44
4.4 Saving Your Configuration	44
4.5 Switch Lockout	44
4.6 Resetting the Switch	45
4.6.1 Reload the Configuration File	45
4.7 Logging Out of the Web Configurator	46
4.8 Help	46
Initial Setup Example	47
5.1 Overview	47
5.1.1 Creating a VLAN	47
5.1.2 Setting Port VID	48
5.2 Configuring Switch Management IP Address	49
Tutorials	51
6.1 Overview	51
6.2 How to Use DHCP Snooping on the Switch	51
6.3 How to Use DHCP Relay on the Switch	54
6.3.1 DHCP Relay Tutorial Introduction	55
6.3.2 Creating a VLAN	55
6.3.3 Configuring DHCP Relay	58
6.3.4 Troubleshooting	59
System Status and Port Statistics	60
7.1 Overview	60
7.1.1 What You Can Do	60
7.2 Port Status Summary	61
7.2.1 Status: Port Details	63
Basic Setting	66
8.1 Overview	66
8.1.1 What You Can Do	66
8.2 System Information	67
8.3 General Setup	69
8.4 Introduction to VLANs	70
8.5 Switch Setup Screen	71
8.6 IP Setup	72
8.6.1 Management IP Addresses	73
8.7 Port Setup	75
8.8 PoE Status	76
8.8.1 PoE Setup	79
VLAN	83
9.1 Overview	83
9.1.1 What You Can Do	83
9.1.2 What You Need to Know	83
9.2 VLAN Status	86
9.2.1 VLAN Details	87
9.3 Configure a Static VLAN	88
9.4 Configure VLAN Port Settings	90
9.5 Subnet Based VLANs	91
9.5.1 Configuring Subnet Based VLAN	92
9.6 Protocol Based VLANs	94
9.6.1 Configuring Protocol Based VLAN	94
9.7 Port-based VLAN Setup	96
9.7.1 Configure a Port-based VLAN	97
9.8 Technical Reference	99
9.8.1 Create an IP-based VLAN Example	99
Static MAC Forward Setup	101
10.1 Overview	101
10.1.1 What You Can Do	101
10.2 Configuring Static MAC Forwarding	101
Static Multicast Forward Setup	103
11.1 Overview	103
11.1.1 What You Can Do	103
11.1.2 What You Need To Know	103
11.2 Configuring Static Multicast Forwarding	104
Filtering	107
12.1 Overview	107
12.1.1 What You Can Do	107
12.2 Configure a Filtering Rule	107
Spanning Tree Protocol	109
13.1 Overview	109
13.1.1 What You Can Do	109
13.1.2 What You Need to Know	109
13.2 Spanning Tree Protocol Status Screen	112
13.3 Spanning Tree Configuration	113
13.4 Configure Rapid Spanning Tree Protocol	114
13.5 Rapid Spanning Tree Protocol Status	115
13.6 Configure Multiple Rapid Spanning Tree Protocol	117
13.7 Multiple Rapid Spanning Tree Protocol Status	118
13.8 Configure Multiple Spanning Tree Protocol	120
13.8.1 Multiple Spanning Tree Protocol Port Configuration	123
13.9 Multiple Spanning Tree Protocol Status	123
13.10 Technical Reference	125
13.10.1 MSTP Network Example	126
13.10.2 MST Region	126
13.10.3 MST Instance	127
13.10.4 Common and Internal Spanning Tree (CIST)	127
Bandwidth Control	129
14.1 Overview	129
14.1.1 What You Can Do	129
14.2 Bandwidth Control Setup	130
Broadcast Storm Control	132
15.1 Overview	132
15.1.1 What You Can Do	132
15.2 Broadcast Storm Control Setup	133
Mirroring	134
16.1 Overview	134
16.1.1 What You Can Do	134
16.2 Port Mirroring Setup	135
Link Aggregation	137
17.1 Overview	137
17.1.1 What You Can Do	137
17.1.2 What You Need to Know	137
17.2 Link Aggregation Status	138
17.3 Link Aggregation Setting	140
17.4 Link Aggregation Control Protocol	142
17.5 Technical Reference	143
17.5.1 Static Trunking Example	143
Port Authentication	145
18.1 Overview	145
18.1.1 What You Can Do	145
18.1.2 What You Need to Know	145
18.2 Port Authentication Configuration	146
18.3 Activate IEEE 802.1x Security	147
18.3.1 Guest VLAN	148
Port Security	151
19.1 Overview	151
19.1.1 What You Can Do	151
19.2 Port Security Setup	152
Classifier	154
20.1 Overview	154
20.1.1 What You Can Do	154
20.1.2 What You Need to Know	154
20.2 Configuring the Classifier	154
20.2.1 Viewing and Editing Classifier Configuration	156
20.3 Classifier Example	158
Policy Rule	160
21.1 Policy Rules Overview	160
21.1.1 What You Can Do	160
21.2 Configuring Policy Rules	160
21.2.1 Viewing and Editing Policy Configuration	163
21.3 Policy Example	164
Queuing Method	165
22.1 Overview	165
22.1.1 What You Can Do	165
22.1.2 What You Need to Know	165
22.2 Configuring Queuing	166
Multicast	168
23.1 Overview	168
23.1.1 What You Can Do	168
23.1.2 What You Need to Know	168
23.2 Multicast Status	170
23.3 Multicast Setting	171
23.4 IGMP Snooping VLAN	174
23.5 IGMP Filtering Profile	175
23.6 The MVR Screen	176
23.6.1 MVR Group Configuration	178
23.6.2 MVR Configuration Example	179
AAA	182
24.1 Overview	182
24.1.1 What You Can Do	182
24.1.2 What You Need to Know	182
24.2 AAA Screens	183
24.3 RADIUS Server Setup	183
24.4 TACACS+ Server Setup	186
24.5 AAA Setup	188
24.6 Technical Reference	190
24.6.1 Vendor Specific Attribute	190
24.6.2 Supported RADIUS Attributes	191
24.6.3 Attributes Used for Authentication	192
IP Source Guard	193
25.1 Overview	193
25.1.1 What You Can Do	193
25.1.2 What You Need to Know	194
25.2 IP Source Guard	194
25.3 IP Source Guard Static Binding	195
25.4 DHCP Snooping	196
25.5 DHCP Snooping Configure	199
25.5.1 DHCP Snooping Port Configure	201
25.5.2 DHCP Snooping VLAN Configure	203
25.6 ARP Inspection Status	204
25.7 ARP Inspection VLAN Status	205
25.8 ARP Inspection Log Status	206
25.9 ARP Inspection Configure	207
25.9.1 ARP Inspection Port Configure	208
25.9.2 ARP Inspection VLAN Configure	210
25.10 Technical Reference	211
25.10.1 DHCP Snooping Overview	211
25.10.2 ARP Inspection Overview	213
Loop Guard	215
26.1 Overview	215
26.1.1 What You Can Do	215
26.1.2 What You Need to Know	215
26.2 Loop Guard Setup	217
Layer 2 Protocol Tunneling	219
27.1 Overview	219
27.1.1 What You Can Do	219
27.1.2 What You Need to Know	219
27.2 Configuring Layer 2 Protocol Tunneling	221
PPPoE	223
28.1 PPPoE Intermediate Agent Overview	223
28.1.1 What You Can Do	223
28.1.2 What You Need to Know	223
28.2 The PPPoE Screen	225
28.3 PPPoE Intermediate Agent	226
28.3.1 PPPoE IA Per-Port	227
28.3.2 PPPoE IA Per-Port Per-VLAN	228
28.3.3 PPPoE IA for VLAN	230
Error Disable	231
29.1 Overview	231
29.1.1 What You Can Do	231
29.1.2 What You Need to Know	231
29.2 The Error Disable Screen	232
29.3 CPU Protection Configuration	232
29.4 Error-Disable Detect Configuration	233
29.5 Error-Disable Recovery Configuration	234
Static Route	237
30.1 Overview	237
30.1.1 What You Can Do	237
30.2 Configuring Static Routing	238
Differentiated Services	240
31.1 Overview	240
31.1.1 What You Can Do	240
31.1.2 What You Need to Know	240
31.2 Activating DiffServ	241
31.3 DSCP-to-IEEE 802.1p Priority Settings	242
31.3.1 Configuring DSCP Settings	242
DHCP	244
32.1 DHCP Overview	244
32.1.1 What You Can Do	244
32.1.2 What You Need to Know	244
32.2 DHCP Status	245
32.3 Configuring DHCP Global Relay	246
32.3.1 Global DHCP Relay Configuration Example	247
32.4 Configuring DHCP VLAN Settings	247
32.4.1 Example: DHCP Relay for Two VLANs	248
ARP Learning	250
33.1 ARP Overview	250
33.1.1 What You Can Do	250
33.1.2 What You Need to Know	250
33.2 Configuring ARP Learning	252
Maintenance	255
34.1 Overview	255
34.1.1 What You Can Do	255
34.2 The Maintenance Screen	255
34.2.1 Load Factory Default	256
34.2.2 Save Configuration	256
34.2.3 Reboot System	257
34.3 Firmware Upgrade	257
34.4 Restore a Configuration File	258
34.5 Backup a Configuration File	258
34.6 Technical Reference	259
34.6.1 FTP Command Line	259
34.6.2 Filename Conventions	259
34.6.3 FTP Command Line Procedure	259
34.6.4 GUI-based FTP Clients	260
34.6.5 FTP Restrictions	260
Access Control	261
35.1 Overview	261
35.1.1 What You Can Do	261
35.2 The Access Control Main Screen	261
35.3 Configuring SNMP	262
35.3.1 Configuring SNMP Trap Group	264
35.3.2 Configuring SNMP User	265
35.4 Setting Up Login Accounts	266
35.5 Service Port Access Control	268
35.6 Remote Management	268
35.7 Technical Reference	270
35.7.1 About SNMP	270
35.7.2 SSH Overview	277
35.7.3 Introduction to HTTPS	278
Diagnostic	285
36.1 Overview	285
36.2 Diagnostic	285
Syslog	287
37.1 Overview	287
37.1.1 What You Can Do	287
37.2 Syslog Setup	287
37.3 Syslog Server Setup	289
Cluster Management	290
38.1 Overview	290
38.1.1 What You Can Do	291
38.2 Cluster Management Status	291
38.3 Clustering Management Configuration	292
38.4 Technical Reference	294
38.4.1 Cluster Member Switch Management	294
MAC Table	296
39.1 Overview	296
39.1.1 What You Can Do	296
39.1.2 What You Need to Know	296
39.2 Viewing the MAC Table	297
ARP Table	299
40.1 Overview	299
40.1.1 What You Can Do	299
40.1.2 What You Need to Know	299
40.2 Viewing the ARP Table	299
Configure Clone	301
41.1 Overview	301
41.2 Configure Clone	301
Troubleshooting	303
42.1 Power, Hardware Connections, and LEDs	303
42.2 Switch Access and Login	304
42.3 Switch Configuration	306
Product Specifications	307
Changing a Fuse	315
Common Services	317
Legal Information	321

Match case Limit results 1 per page

Chapter 25 IP Source Guard

GS2200-8/24 User’s Guide

208

The following table describes the labels in this screen.

25.9.1

ARP Inspection Port Configure

Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. You can

also specify the maximum rate at which the Switch receives ARP packets on each untrusted port. To

Table 76

ARP Inspection Configure

LABEL

DESCRIPTION

Active

Select this to enable ARP inspection on the Switch. You still have to enable ARP

inspection on specific VLAN and specify trusted ports.

Filter Aging Time

Filter aging time

This setting has no effect on existing MAC address filters.

Enter how long (1~2147483647 seconds) the MAC address filter remains in the Switch

after the Switch identifies an unauthorized ARP packet. The Switch automatically

deletes the MAC address filter afterwards. Enter 0 if you want the MAC address filter to

be permanent.

Log Profile

Log buffer size

Enter the maximum number (1~1024) of log messages that were generated by ARP

packets and have not been sent to the syslog server yet. Make sure this number is

appropriate for the specified

Syslog rate

and

Log interval

If the number of log messages in the Switch exceeds this number, the Switch stops

recording log messages and simply starts counting the number of entries that were

dropped due to unavailable buffer. Click

Clearing log status table

in the

ARP

Inspection Log Status

screen to clear the log and reset this counter. See

Section

25.8 on page 206

Syslog rate

Enter the maximum number of syslog messages the Switch can send to the syslog

server in one batch. This number is expressed as a rate because the batch frequency

is determined by the

Log Interval

. You must configure the syslog server (

Chapter 37

on page 287

) to use this. Enter 0 if you do not want the Switch to send log messages

generated by ARP packets to the syslog server.

The relationship between

Syslog rate

and

Log interval

is illustrated in the following

examples:

•

4 invalid ARP packets per second,

Syslog rate

is 5,

Log interval

is 1: the Switch

sends 4 syslog messages every second.

•

6 invalid ARP packets per second,

Syslog rate

is 5,

Log interval

is 2: the Switch

sends 5 syslog messages every 2 seconds.

Log interval

Enter how often (1-86400 seconds) the Switch sends a batch of syslog messages to

the syslog server. Enter 0 if you want the Switch to send syslog messages

immediately. See

Syslog rate

for an example of the relationship between

Syslog

rate

and

Log interval

Apply

Click

Apply

to save your changes to the Switch’s run-time memory. The Switch loses

these changes if it is turned off or loses power, so use the

Save

link on the top

navigation panel to save your changes to the non-volatile memory when you are done

configuring.

Cancel

Click this to reset the values in this screen to their last-saved values.