T2600G/Security/IPV4 IMPB: Unterschied zwischen den Versionen

Aus Foxwiki
Zeile 149: Zeile 149:
Both
Both
     This entry will be applied to both the features.
     This entry will be applied to both the features.
=== DHCP Snooping ===
With DHCP snooping enabled, the switch can monitor the IP address obtaining process of the DHCP client, and record the IP address, MAC address, VLAN ID and the connected port number of the DHCP client for automatic binding.
To configure IP-MAC Binding via DHCP Snooping:
; <nowiki>Step1:</nowiki>
: Enable DHCP Snooping globally.
; <nowiki>Step2:</nowiki>
: Enable DHCP Snooping on one or more VLANs.
; <nowiki>Step3:</nowiki>
: Specify the maximum number of DHCP binding entries a port can learn via DHCP snooping.
==== Global Config ====
; DHCP Snooping
: Enable DHCP snooping function globally.
==== VLAN Config ====
; VLAN ID
: Displays the VLAN ID of the existing VLAN.
; Status
: Enable or disable DHCP snooping on a VLAN.
==== Port Config ====
; Port
: Select one or more ports to configure.
; Maximum Entry
: Configure the maximum number of DHCP binding entries a port can learn via DHCP snooping.
; LAG
: Displays the LAG that the port belongs to.


== ARP DETECTION ==
== ARP DETECTION ==

Version vom 31. Dezember 2022, 11:21 Uhr

IP-MAC BINDING

Binding Table

With IPv4 IMPB (IP-MAC-Port Binding), you can bind IP address, MAC address and port together as an entry. In the Binding Table, you can search and view the specified binding entries which can be used for ARP Inspection and IPv4 Source Guard.

Binding Table

Source
Select the source of the entry and click Search.
All
Displays the entries from all sources.
Manual
Displays the manually bound entries.
ARP Scanning
Displays the binding entries learned from ARP Scanning.
DHCP Snooping
Displays the binding entries learned from DHCP Snooping.
IP Address
Enter an IP address and click Search to search the specific entry.
Host Name
Enter a host name for identification.
IP Address
Displays the IP address.
MAC Address
Displays the MAC address.
VLAN ID
Displays the VLAN ID.
Port
Displays the port number.
Protect Type
Select the protect type for the entry:
None
This entry will not be applied to any feature.
ARP Detection
This entry will be applied to the ARP Detection feature.
IP Source Guard
This entry will be applied to the IP Source Guard feature.
Both
This entry will be applied to both the features.
Source
Displays the source of the entry.

Manual Binding

You can manually bind the IP address, MAC address, VLAN ID and the Port number together on the condition that you have got the related information of the hosts on the network. To configure IP-MAC Binding manually:

Step1:

   Click Add to load the configuration page.

Step2:

   Enter the IP address, MAC address, VLAN ID and port to create a binding entry, and specify the protect type for this entry.

Manual Binding Config

Host Name

   Enter a host name for identification.

IP Address

   Enter the IP address.

MAC Address

   Enter the MAC address.

VLAN ID

   Enter the VLAN ID.

Port

   Select the port that is connected to this host.

Protect Type

   Select the protect type for the entry:

None

   This entry will not be applied to any feature.

ARP Detection

   This entry will be applied to the ARP Detection feature.

IP Source Guard

   This entry will be applied to the IP Source Guard feature.

Both

   This entry will be applied to both the features.

ARP Scanning

With ARP Scanning, the switch sends the ARP request packets of the specified IP field to the hosts. Upon receiving the ARP reply packet, the switch can get the IP address, MAC address, VLAN ID and the connected port number of the host. To configure IP-MAC Binding via ARP scanning:

Step1:

   Specify the IP address range and VLAN ID, then click Scan to scan hosts in the specified range.

Step2:

   After scanning, select the desired entries in the Scanning Result table and select the protect type, then click Bind. 

Scanning Option

Starting/Ending IP Address

   Specify an IP range by entering a starting and ending IP address.

VLAN ID

   Specify a VLAN ID.

Scanning Result

Host Name

   Enter a host name for identification.

IP Address

   Displays the IP address.

MAC Address

   Displays the MAC address.

VLAN ID

   Displays the VLAN ID.

Port

   Displays the port number.

Protect Type

   Select the protect type for the entry:

None

   This entry will not be applied to any feature.

ARP Detection

   This entry will be applied to the ARP Detection feature.

IP Source Guard

   This entry will be applied to the IP Source Guard feature.

Both

   This entry will be applied to both the features.

DHCP Snooping

With DHCP snooping enabled, the switch can monitor the IP address obtaining process of the DHCP client, and record the IP address, MAC address, VLAN ID and the connected port number of the DHCP client for automatic binding.

To configure IP-MAC Binding via DHCP Snooping:

Step1:
Enable DHCP Snooping globally.
Step2:
Enable DHCP Snooping on one or more VLANs.
Step3:
Specify the maximum number of DHCP binding entries a port can learn via DHCP snooping.

Global Config

DHCP Snooping
Enable DHCP snooping function globally.

VLAN Config

VLAN ID
Displays the VLAN ID of the existing VLAN.
Status
Enable or disable DHCP snooping on a VLAN.

Port Config

Port
Select one or more ports to configure.
Maximum Entry
Configure the maximum number of DHCP binding entries a port can learn via DHCP snooping.
LAG
Displays the LAG that the port belongs to.

ARP DETECTION

IPV4 SOURCE GUARD