Home » ZyXEL Manuals » Networking » ZyXEL XGS4700-48F » Manual Viewer

ZyXEL XGS4700-48F User Guide - Page 264

ARP Inspection Overview

Get ZyXEL XGS4700-48F PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 264 highlights

Chapter 26 IP Source Guard 3 Configure trusted and untrusted ports, and specify the maximum number of DHCP packets that each port can receive per second. 4 Configure static bindings. 26.1.2 ARP Inspection Overview Use ARP inspection to filter unauthorized ARP packets on the network. This can prevent many kinds of man-in-the-middle attacks, such as the one in the following example. Figure 121 Example: Man-in-the-middle Attack A B X In this example, computer B tries to establish a connection with computer A. Computer X is in the same broadcast domain as computer A and intercepts the ARP request for computer A. Then, computer X does the following things: • It pretends to be computer A and responds to computer B. • It pretends to be computer B and sends a message to computer A. As a result, all the communication between computer A and computer B passes through computer X. Computer X can read and alter the information passed between them. 26.1.2.1 ARP Inspection and MAC Address Filters When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet. You can configure how long the MAC address filter remains in the Switch. These MAC address filters are different than regular MAC address filters (Chapter 12 on page 147). • They are stored only in volatile memory. • They do not use the same space in memory that regular MAC address filters use. 264 XGS4700-48F User's Guide

Section	Page
XGS4700-48F	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
User’s Guide	25
Getting to Know Your Switch	27
1.1 Introduction	27
1.1.1 Bridging Example	27
1.1.2 High Performance Switching Example	28
1.1.3 Gigabit Ethernet to the Desktop	29
1.1.4 IEEE 802.1Q VLAN Application Example	29
1.1.5 IPv6 Support	30
1.2 Ways to Manage the Switch	30
1.3 Good Habits for Managing the Switch	31
Hardware Installation and Connection	33
2.1 Freestanding Installation	33
2.2 Mounting the Switch on a Rack	34
2.2.1 Rack-mounted Installation Requirements	34
2.2.2 Attaching the Mounting Brackets to the Switch	34
2.2.3 Mounting the Switch on a Rack	35
2.3 Connecting the Frame Ground	35
2.4 Power Module Installation	36
2.4.1 Installing a Power Module	36
2.4.2 Removing a Power Module	38
Hardware Overview	41
3.1 Front Panel Connections	41
3.1.1 Mini-GBIC Slots	41
3.1.2 Console Port	43
3.1.3 Signal Slot	43
3.2 Rear Panel	46
3.2.1 Removing and Installing the Fan Module	47
3.2.2 Uplink Module	48
3.2.3 Rear Panel Connections	48
3.2.4 Management Port	49
3.2.5 Power Connector	49
3.3 Power Connection	49
3.3.1 AC Power Connections	50
3.3.2 DC Power Connections	50
3.3.3 Procedure to Turn on the Switch Power	51
3.3.4 Disconnecting the Power	51
3.4 LEDs	52
The Web Configurator	55
4.1 Introduction	55
4.2 System Login	55
4.3 The Web Configurator Layout	56
4.3.1 Change Your Password	61
4.4 Saving Your Configuration	62
4.5 Switch Lockout	62
4.6 Resetting the Switch	62
4.6.1 Reload the Configuration File	63
4.7 Logging Out of the Web Configurator	64
4.8 Help	64
Initial Setup Example	65
5.1 Overview	65
5.1.1 Configuring an IP Interface	65
5.1.2 Configuring DHCP Server Settings	67
5.1.3 Creating a VLAN	67
5.1.4 Setting Port VID	69
5.1.5 Enabling RIP	70
Tutorials	71
6.1 How to Use DHCP Snooping on the Switch	71
6.2 How to Use DHCP Relay on the Switch	75
6.2.1 DHCP Relay Tutorial Introduction	75
6.2.2 Creating a VLAN	76
6.2.3 Configuring DHCP Relay	79
6.2.4 Troubleshooting	79
6.3 How to Use PPPoE IA on the Switch	80
6.3.1 Configuring Switch A	81
6.3.2 Configuring Switch B	83
6.4 How to Use Error Disable and Recovery on the Switch	85
6.5 How to Set Up a Guest VLAN	88
6.5.1 Creating a Guest VLAN	89
6.5.2 Enabling IEEE 802.1x Port Authentication	91
6.5.3 Enabling Guest VLAN	92
6.6 How to Configure Routing Policy	93
6.6.1 Create a Layer-3 Classifier	94
6.6.2 Create a Policy Routing Rule	95
Technical Reference	97
System Status and Port Statistics	99
7.1 Overview	99
7.2 Port Status Summary	99
7.2.1 Status: Port Details	101
Basic Setting	105
8.1 Overview	105
8.2 System Information	106
8.3 General Setup	108
8.4 Introduction to VLANs	110
8.5 Switch Setup Screen	111
8.6 IP Setup	113
8.6.1 IP Interfaces	113
8.7 Port Setup	115
VLAN	119
9.1 Introduction to IEEE 802.1Q Tagged VLANs	119
9.1.1 Forwarding Tagged and Untagged Frames	119
9.2 Automatic VLAN Registration	120
9.2.1 GARP	120
9.2.2 GVRP	120
9.3 Port VLAN Trunking	121
9.4 Select the VLAN Type	122
9.5 Static VLAN	122
9.5.1 VLAN Status	123
9.5.2 VLAN Details	124
9.5.3 Configure a Static VLAN	124
9.5.4 Configure VLAN Port Settings	126
9.6 Subnet Based VLANs	128
9.7 Configuring Subnet Based VLAN	129
9.8 Protocol Based VLANs	130
9.9 Configuring Protocol Based VLAN	131
9.10 Create an IP-based VLAN Example	133
9.11 Port-based VLAN Setup	134
9.11.1 Configure a Port-based VLAN	134
Static MAC Forward Setup	139
10.1 Overview	139
10.2 Configuring Static MAC Forwarding	139
Static Multicast Forward Setup	143
11.1 Static Multicast Forwarding Overview	143
11.2 Configuring Static Multicast Forwarding	144
Filtering	147
12.1 Configure a Filtering Rule	147
Spanning Tree Protocol	149
13.1 STP/RSTP Overview	149
13.1.1 STP Terminology	149
13.1.2 How STP Works	150
13.1.3 STP Port States	151
13.1.4 Multiple RSTP	151
13.1.5 Multiple STP	152
13.2 Spanning Tree Protocol Status Screen	155
13.3 Spanning Tree Configuration	155
13.4 Configure Rapid Spanning Tree Protocol	156
13.5 Rapid Spanning Tree Protocol Status	158
13.6 Configure Multiple Rapid Spanning Tree Protocol	160
13.7 Multiple Rapid Spanning Tree Protocol Status	162
13.8 Configure Multiple Spanning Tree Protocol	164
13.8.1 Multiple Spanning Tree Protocol Port Configuration	167
13.9 Multiple Spanning Tree Protocol Status	168
Bandwidth Control	171
14.1 Bandwidth Control Overview	171
14.1.1 CIR and PIR	171
14.2 Bandwidth Control Setup	172
Broadcast Storm Control	175
15.1 Broadcast Storm Control Setup	175
Mirroring	177
16.1 Port Mirroring Setup	177
Link Aggregation	179
17.1 Link Aggregation Overview	179
17.2 Dynamic Link Aggregation	179
17.2.1 Link Aggregation ID	180
17.3 Link Aggregation Status	181
17.4 Link Aggregation Setting	183
17.5 Link Aggregation Control Protocol	185
17.6 Static Trunking Example	186
Port Authentication	189
18.1 Port Authentication Overview	189
18.1.1 IEEE 802.1x Authentication	189
18.1.2 MAC Authentication	190
18.2 Port Authentication Configuration	191
18.2.1 Activate IEEE 802.1x Security	192
18.2.2 Guest VLAN	193
18.2.3 Activate MAC Authentication	196
Port Security	199
19.1 About Port Security	199
19.2 Port Security Setup	200
19.3 VLAN MAC Address Limit	201
Classifier	203
20.1 About the Classifier and QoS	203
20.2 Configuring the Classifier	204
20.3 Viewing and Editing Classifier Configuration	206
20.4 Classifier Example	208
Policy Rule	209
21.1 Policy Rules Overview	209
21.1.1 DiffServ	209
21.1.2 DSCP and Per-Hop Behavior	209
21.2 Configuring Policy Rules	210
21.3 Viewing and Editing Policy Configuration	213
21.4 Policy Example	215
Queuing Method	217
22.1 Queuing Method Overview	217
22.1.1 Strictly Priority	217
22.1.2 Weighted Fair Queuing	217
22.1.3 Weighted Round Robin Scheduling (WRR)	218
22.2 Configuring Queuing	219
VLAN Stacking	221
23.1 VLAN Stacking Overview	221
23.1.1 VLAN Stacking Example	221
23.2 VLAN Stacking Port Roles	222
23.3 VLAN Tag Format	223
23.3.1 Frame Format	223
23.4 Configuring VLAN Stacking	224
23.4.1 Port-based Q-in-Q	225
23.4.2 Selective Q-in-Q	226
Multicast	229
24.1 Multicast Overview	229
24.1.1 IP Multicast Addresses	229
24.1.2 IGMP Filtering	229
24.1.3 IGMP Snooping	230
24.1.4 IGMP Snooping and VLANs	230
24.2 Multicast Status	230
24.3 Multicast Setting	231
24.4 IGMP Snooping VLAN	234
24.5 IGMP Filtering Profile	235
24.6 MVR Overview	237
24.6.1 Types of MVR Ports	237
24.6.2 MVR Modes	238
24.6.3 How MVR Works	238
24.7 General MVR Configuration	239
24.8 MVR Group Configuration	241
24.8.1 MVR Configuration Example	242
AAA	245
25.1 Authentication, Authorization and Accounting (AAA)	245
25.1.1 Local User Accounts	246
25.1.2 RADIUS and TACACS+	246
25.2 AAA Screens	246
25.2.1 RADIUS Server Setup	247
25.2.2 TACACS+ Server Setup	249
25.2.3 AAA Setup	251
25.2.4 Vendor Specific Attribute	254
25.2.5 Tunnel Protocol Attribute	255
25.3 Supported RADIUS Attributes	256
25.3.1 Attributes Used for Authentication	256
25.3.2 Attributes Used for Accounting	257
IP Source Guard	261
26.1 IP Source Guard Overview	261
26.1.1 DHCP Snooping Overview	262
26.1.2 ARP Inspection Overview	264
26.2 IP Source Guard	265
26.3 IP Source Guard Static Binding	266
26.4 DHCP Snooping	268
26.5 DHCP Snooping Configure	271
26.5.1 DHCP Snooping Port Configure	273
26.5.2 DHCP Snooping VLAN Configure	274
26.6 ARP Inspection Status	276
26.6.1 ARP Inspection VLAN Status	277
26.6.2 ARP Inspection Log Status	278
26.7 ARP Inspection Configure	279
26.7.1 ARP Inspection Port Configure	281
26.7.2 ARP Inspection VLAN Configure	282
Loop Guard	285
27.1 Loop Guard Overview	285
27.2 Loop Guard Setup	287
VLAN Mapping	289
28.1 VLAN Mapping Overview	289
28.1.1 VLAN Mapping Example	289
28.2 Enabling VLAN Mapping	290
28.3 Configuring VLAN Mapping	291
Layer 2 Protocol Tunneling	293
29.1 Layer 2 Protocol Tunneling Overview	293
29.1.1 Layer-2 Protocol Tunneling Mode	294
29.2 Configuring Layer 2 Protocol Tunneling	295
sFlow	297
30.1 sFlow Overview	297
30.2 sFlow Port Configuration	298
30.2.1 sFlow Collector Configuration	299
PPPoE	301
31.1 PPPoE Intermediate Agent Overview	301
31.1.1 PPPoE Intermediate Agent Tag Format	301
31.1.2 Sub-Option Format	302
31.1.3 Port State	303
31.2 The PPPoE Screen	304
31.3 PPPoE Intermediate Agent	304
31.3.1 PPPoE IA Per-Port	305
31.3.2 PPPoE IA Per-Port Per-VLAN	307
31.3.3 PPPoE IA for VLAN	309
Error Disable	311
32.1 CPU Protection Overview	311
32.2 Error-Disable Recovery Overview	311
32.3 The Error Disable Screen	312
32.4 CPU Protection Configuration	312
32.5 Error-Disable Detect Configuration	313
32.6 Error-Disable Recovery Configuration	315
Static Route	317
33.1 Static Routing Overview	317
33.2 Configuring Static Routing	318
Policy Routing	321
34.1 Policy Route Overview	321
34.1.1 Benefits	321
34.2 Configuring Policy Routing Profile	322
34.2.1 Policy Routing Rule Configuration	323
RIP	325
35.1 RIP Overview	325
35.1.1 Administrative Distance	325
35.2 Configuring RIP	326
OSPF	329
36.1 OSPF Overview	329
36.1.1 OSPF Autonomous Systems and Areas	329
36.1.2 How OSPF Works	330
36.1.3 Interfaces and Virtual Links	330
36.1.4 OSPF and Router Elections	331
36.1.5 Configuring OSPF	331
36.2 OSPF Status	332
36.3 OSPF Configuration	334
36.4 Configure OSPF Areas	335
36.4.1 View OSPF Area Information Table	337
36.5 Configuring OSPF Redistribution	337
36.6 Configuring OSPF Interfaces	339
36.7 OSPF Virtual-Links	341
IGMP	343
37.1 IGMP Overview	343
37.1.1 How IGMP Works	344
37.2 Port-based IGMP	345
37.3 Configuring IGMP	346
DVMRP	347
38.1 DVMRP Overview	347
38.2 How DVMRP Works	347
38.2.1 DVMRP Terminology	348
38.3 Configuring DVMRP	348
38.3.1 DVMRP Configuration Error Messages	349
38.4 Default DVMRP Timer Values	350
Differentiated Services	351
39.1 DiffServ Overview	351
39.1.1 DSCP and Per-Hop Behavior	351
39.1.2 DiffServ Network Example	352
39.2 Two Rate Three Color Marker Traffic Policing	352
39.2.1 TRTCM - Color-blind Mode	353
39.2.2 TRTCM - Color-aware Mode	353
39.3 Activating DiffServ	354
39.3.1 Configuring 2-Rate 3 Color Marker Settings	355
39.4 DSCP-to-IEEE 802.1p Priority Settings	357
39.4.1 Configuring DSCP Settings	358
DHCP	359
40.1 DHCP Overview	359
40.1.1 DHCP Modes	359
40.1.2 DHCP Configuration Options	359
40.2 DHCP Status	360
40.3 DHCP Server Status Detail	360
40.4 DHCP Relay	362
40.4.1 DHCP Relay Agent Information	362
40.4.2 Configuring DHCP Global Relay	363
40.4.3 Global DHCP Relay Configuration Example	364
40.5 Configuring DHCP VLAN Settings	365
40.5.1 Example: DHCP Relay for Two VLANs	367
VRRP	369
41.1 VRRP Overview	369
41.2 VRRP Status	370
41.3 VRRP Configuration	371
41.3.1 IP Interface Setup	371
41.3.2 VRRP Parameters	373
41.3.3 Configuring VRRP Parameters	374
41.3.4 Configuring VRRP Parameters	375
41.4 VRRP Configuration Examples	375
41.4.1 One Subnet Network Example	376
41.4.2 Two Subnets Example	377
ARP Learning	379
42.1 ARP Overview	379
42.1.1 How ARP Works	379
42.1.2 ARP Learning Mode	379
42.2 Configuring ARP Learning	382
Load Sharing	385
43.1 Load Sharing Overview	385
43.2 Configuring Load Sharing	385
Maintenance	387
44.1 The Maintenance Screen	387
44.2 Load Factory Default	388
44.3 Save Configuration	388
44.4 Reboot System	389
44.5 Firmware Upgrade	389
44.6 Restore a Configuration File	390
44.7 Backup a Configuration File	391
44.8 FTP Command Line	391
44.8.1 Filename Conventions	391
44.8.2 FTP Command Line Procedure	393
44.8.3 GUI-based FTP Clients	393
44.8.4 FTP Restrictions	394
Access Control	395
45.1 Access Control Overview	395
45.2 The Access Control Main Screen	395
45.3 About SNMP	396
45.3.1 SNMP v3 and Security	397
45.3.2 Supported MIBs	397
45.3.3 SNMP Traps	398
45.3.4 Configuring SNMP	402
45.3.5 Configuring SNMP Trap Group	404
45.3.6 Configuring SNMP User	405
45.4 Setting Up Login Accounts	407
45.5 SSH Overview	408
45.6 How SSH works	409
45.7 SSH Implementation on the Switch	410
45.7.1 Requirements for Using SSH	410
45.8 Introduction to HTTPS	410
45.9 HTTPS Example	411
45.9.1 Internet Explorer Warning Messages	411
45.9.2 Mozilla Firefox Warning Messages	414
45.9.3 The Main Screen	415
45.10 Service Port Access Control	416
45.11 Remote Management	417
Diagnostic	421
46.1 Diagnostic	421
Syslog	423
47.1 Syslog Overview	423
47.2 Syslog Setup	424
47.3 Syslog Server Setup	425
Cluster Management	427
48.1 Clustering Management Status Overview	427
48.2 Cluster Management Status	428
48.2.1 Cluster Member Switch Management	429
48.3 Clustering Management Configuration	432
MAC Table	435
49.1 MAC Table Overview	435
49.2 Viewing the MAC Table	436
IP Table	439
50.1 IP Table Overview	439
50.2 Viewing the IP Table	440
ARP Table	443
51.1 ARP Table Overview	443
51.1.1 How ARP Works	443
51.2 The ARP Table Screen	444
Routing Table	445
52.1 Overview	445
52.2 Viewing the Routing Table Status	445
Configure Clone	447
53.1 Configure Clone	447
Troubleshooting	449
54.1 Power, Hardware Connections, and LEDs	449
54.2 Switch Access and Login	450
54.3 Switch Configuration	453
Product Specifications	455
Common Services	465
Legal Information	469