Allied-telesis AT-GS950/24 Manual do Utilizador Página 228
- Página / 366
- Índice
- MARCADORES
Avaliado. / 5. Com base em avaliações de clientes
Chapter 16: DHCP Snooping
228
Overview
The DHCP Snooping feature provides security by inspecting ingress
packets for the correct IP and MAC address information. The DHCP
Snooping feature defines the AT-GS950/24 ports as either trusted or
untrusted. With DHCP Snooping enabled, two network security issues are
addressed:
All ingress DHCP packets are examined on the untrusted ports
and only authorized packets are passed through the switch.
Unwanted ingress DHCP packets are discarded. See
"Unauthorized DHCP Servers".
DHCP ingress packets on an untrusted port are inspected to insure
that the source IP Address and MAC Address combination in each
packet is valid when compared to the DHCP Snooping Binding
Table. If match is not found, the packet is discarded.
Trusted Ports By definition, trusted ports inherently trust all ingress Ethernet traffic.
There is no checking or testing on ingress packets for this type of port. A
trusted port connects to a DHCP server in one of the following ways:
Directly to the legitimate trusted DHCP Server
A network device relaying DHCP messages to and from a trusted
server
Another trusted source such as a switch with DHCP Snooping
enabled.
Untrusted Ports The Ethernet traffic on an untrusted port is inherently not trusted. The
ingress packets are consequently tested against specific criteria to
determine if they can be forwarded through the switch or should be
immediately discarded. Untrusted ports are connected to DHCP clients
and to traffic that originates outside of the LAN.
Unauthorized
DHCP Servers
Normally in a network, a single DHCP server exists in a local area network
(LAN). The DHCP server supplies network configuration information to
individual devices on the network including the assigned IP address for
each host. A trusted DHCP server is connected to a trusted port on the
switch.
It is possible that another unauthorized and unwanted DHCP server could
be connected to the network. This situation can occur if a client on the
network happens to enable a DHCP server application on his workstation
of if someone outside the network attempts to send DHCP packets to your
network. These situations pose a security risk.
A network device initially sends out a DHCPDISCOVER packet so that a
DHCP server will respond. It waits for and then accepts the
- AT-GS950/24 1
- Contents 3
- List of Figures 9
- List of Tables 13
- Contacting Allied Telesis 17
- Chapter 1 19
- Switch’s IP Address 20
- Web Browser Tools 23
- Basic Switch Configuration 25
- IP Access List Configuration 28
- Delete an IP 30
- Address List 30
- System Time 31
- Setting Daylight 33
- Parameters 33
- DHCP Client Configuration 35
- DHCP Auto Configuration 37
- System Management Information 38
- Add New User 40
- Name and 40
- Password 40
- Modify User 41
- Delete User Name 42
- User Interface Configuration 43
- User Interface 44
- System Information Display 45
- Switch Reboot 47
- Configure 49
- Factory Default 49
- Disabling Factory 51
- Default Reset 51
- Enabling Factory 52
- Pinging a Remote System 54
- SSL Settings 56
- 4. Click Apply 57
- System Log Configuration 58
- Display and Configure Ports 63
- Chapter 3: Port Configuration 64
- Port Mirroring 69
- Port Mirroring Configuration 71
- Chapter 4: Port Mirroring 72
- Disable Port Mirroring 73
- Virtual LANs 75
- VLAN Overview 76
- Port-based 77
- Tagged VLAN 78
- VLAN Name 79
- Tagged and Untagged Ports 79
- Port VLAN Identifier (PVID 79
- Assign Ports to a VLAN Mode 81
- Chapter 5: Virtual LANs 82
- Tagged VLAN Configuration 83
- Modify a Tagged 84
- Name field 86
- Delete a Tagged 87
- Tagged VLAN Port Settings 89
- Port-Based VLAN Configuration 91
- Modify a Port 92
- Based VLAN 92
- Delete a Port 92
- Chapter 6 95
- Overview and Guidelines 96
- Time Settings 100
- Chapter 6: GVRP 102
- Voice VLAN 103
- Overview 104
- Dynamic Auto 105
- Detection vs 105
- Static Ports 105
- Chapter 7: Voice VLAN 106
- General Guidelines 107
- Configuration 108
- OUI Setting 111
- Modify OUI 112
- Delete OUI 112
- STP and RSTP 113
- Bridge Priority 115
- Path Costs and Port Costs 116
- Port Priority 116
- Forwarding 117
- Delay and 117
- Topology 117
- Point-to-Point and Edge Ports 118
- Mixed STP and 119
- RSTP Networks 119
- Spanning Tree 120
- Chapter 8: STP and RSTP 122
- Configure RSTP Port Settings 126
- Configure the 128
- Advanced RSTP 128
- Port Settings 128
- Spanning Tree Topology 131
- Chapter 9 133
- Head2 Head3 134
- VLAN Mapping 137
- Modify MST 138
- Instance 138
- Delete MST 138
- Port Configuration 139
- Topology Information 144
- Static Port Trunking 147
- Create a Port Trunk 151
- Modify a Port Trunk 153
- Disable a Port Trunk 155
- LACP Port Trunks 157
- System Priority 159
- Port Priority Value 159
- Chapter 11: LACP Port Trunks 160
- Group Status 163
- Port Priority Configuration 166
- Quality of Service (CoS) 167
- Egress Queue vs 169
- Packet Priority 169
- Prioritizing 170
- Untagged Packets 170
- Queue Scheduling Algorithm 177
- Access Control Configuration 179
- Classifier 180
- 1 - 65535 181
- Profile Action 185
- Modify Profile 186
- Delete Profile 187
- 4. Click on the OK button 188
- In-Profile Action 189
- Modify In-Profile 191
- Delete In-Profile 192
- Out-Profile Action 193
- Modify Out 195
- Delete Out 196
- Port List 197
- “Create Policy,” next 200
- “Modify Policy” on page 202 200
- “Delete Policy” on page 203 200
- Policy Sequence 205
- Storm Control 207
- Ingress Rate 209
- Limiting 209
- Egress Rate 209
- Ingress Rate Limiting 212
- Egress Rate Limiting 214
- MAC Address Table 215
- Chapter 15: MAC Address Table 218
- Modify Static Unicast Address 220
- Delete Static Unicast Address 221
- DHCP Snooping 227
- DHCP with 229
- Option 82 229
- General Configuration 231
- Chapter 16: DHCP Snooping 232
- VLAN Setting 233
- Modify VLAN 234
- Delete VLAN 234
- Binding Database 236
- IGMP Snooping 239
- IGMP Snooping Configuration 242
- Chapter 17: IGMP Snooping 244
- Security 245
- Port Access Control 246
- Port Access 247
- Chapter 18: Security 248
- RADIUS Client 251
- Radius Client 252
- Dial-in User 254
- Modify a Dial-in User 255
- Delete a Dial-in User 256
- Destination MAC Filter 257
- Destination MAC 258
- Chapter 19 259
- Global Configuration 261
- Information 262
- Neighbors Information 264
- SNMPv1 and v2c 265
- SNMPv1 and SNMPv2c Overview 266
- Attributes 267
- Activate SNMP Interface 268
- Create SNMP v1/ 269
- Group Names 269
- SNMPv1/v2 Community Strings 271
- SNMP Traps 273
- Modify Trap 274
- Host Table Entry 274
- Delete Trap Host 274
- Table Entry 274
- Chapter 21 275
- SNMPv3 Overview 276
- SNMPv3 Privacy 277
- Protocol 277
- SNMPv3 MIB 277
- SNMPv3 User and Group Names 280
- SNMPv3 View Names 282
- Modify SNMPv3 283
- View Names 283
- Delete SNMPv3 283
- View Table 285
- SNMPv3 Traps 287
- Chapter 22 289
- Enable and Disable RMON 291
- Port Statistics 292
- Histories 293
- Chapter 22: RMON 294
- Network Statistics 301
- Traffic Comparison Statistics 303
- Error Group Statistics 306
- Historical Status Charts 308
- Management Software Updates 311
- File Upload 318
- File Download 318
- Loopback Protection 323
- Cable Diagnostics 327
- Chapter 26: Cable Diagnostics 328
- MSTP Overview 329
- Resolving VLAN 332
- Fragmentation 332
- Multiple VLANS 333
- Assigned to an 333
- Appendix A: MSTP Overview 334
- VLAN and MSTI Associations 336
- Ports in Multiple MSTIs 337
- MST Region 340
- Guidelines 340
- Associating VLANs to MSTIs 343
- Summary of Guidelines 347
- Appendix A 349
- Parameter 356
- Default Setting 356
- Specifications 356
Manuais e produtos relacionados com Hardware de computador Allied-telesis AT-GS950/24
Hardware de computador Allied-telesis Removable Power Supply and Fan Manual do Utilizador
(27 páginas)
(27 páginas)
Hardware de computador Allied-telesis x900 Series Switch and SwitchBlade x908 Manual do Utilizador
(55 páginas)
(55 páginas)
(46 páginas)© 2020, manymanuals-pt.com. Todos os direitos reservados. | 0.077 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais