![Netis ST3326(ST-3302) [74/118] Overview of ip filtering](/img/pdf.png)
Netis ST3326(ST-3302) [74/118] Overview of ip filtering
74
Option 82 is the relay agent information option in the DHCP message. It records the location
information of the DHCP client.
When a DHCP relay agent (or a device enabled with DHCP snooping) receives a client’s request, it
adds the Option 82 to the request message and sends it to the server.
The administrator can locate the DHCP client to further implement security control and
accounting. The Option 82 supporting server can also use such information to define individual
assignment policies of IP address and other parameters for the clients.
Option 82 involves at most 255 sub-options. If Option 82 is defined, at least one sub-option must
be defined. Currently the DHCP relay agent supports two sub-options: sub-option 1 (circuit ID
sub-option) and sub-option 2 (remote ID sub-option).
Padding content and frame format of Option 82
There is no specification for what should be padded in Option 82. Manufacturers can pad it as
required.
By default, the sub-options of Option 82 for the Switches (enabled with DHCP snooping) are
padded as follows:
sub-option 1 (circuit ID sub-option): Padded with the port index (smaller than the physical
port number by 1) and VLAN ID of the port that received the client’s request.
sub-option 2 (remote ID sub-option): Padded with the bridge MAC address of the DHCP
snooping device that received the client’s request.
Overview of IP Filtering
A denial-of-service (DoS) attack means an attempt of an attacker sending a large number of
forged address requests with different source IP addresses to the server so that the network
cannot work normally. The specific effects are as follows:
The resources on the server are exhausted, so the server does not respond to other
requests.
After receiving such type of packets, a switch needs to send them to the CPU for processing.
Too many request packets cause high CPU usage rate. As a result, the CPU cannot work
normally.
The switch can filter invalid IP packets through the DHCP-snooping table and IP static
binding table.
DHCP-snooping table
After DHCP snooping is enabled on a switch, a DHCP-snooping table is generated. It is used to
record IP addresses obtained from the DHCP server, MAC addresses, the number of the port
through which a client is connected to the DHCP-snooping-enabled device, and the number of
the VLAN to which the port belongs to. These records are saved as entries in the DHCP-snooping
table.
IP static binding table
Содержание
- Snmp management switch 1
- User s guide 1
- Copyright trademarks 2
- Fcc statement 2
- Intended audience 2
- Manual description 2
- Safety notices 2
- Table of contents 3
- Chapter 1 introduction 5
- Features 5
- Technical specifications 5
- The front panel 5
- The rear panel 6
- Ac power 7
- Chapter 2 mounting device 7
- Desktop or shelf installation 7
- Installation precautions 7
- Rack installation 7
- Chapter3 login the device 8
- Configure the computer 8
- Windows xp 8
- Windows 7 windows vista 11
- Check the connection 14
- Login the device 15
- Functional overview 16
- Chapter4 system 17
- System information 17
- The home page 17
- Ip address 18
- Password 19
- Mac address 20
- Management vlan 20
- Console 21
- System time config 21
- System update 21
- Backup recovery 22
- Load default 22
- Reboot 23
- Chapter5 snmp 24
- Snmp versions 24
- Understanding snmp 24
- Snmp community strings 25
- Snmp notifications 25
- Basic config 26
- Community 27
- Management station 27
- V3engine id 28
- V3group config 28
- V3user config 29
- V3view config 30
- Chapter6 port management 31
- Port configuration 31
- Band resrtricting 32
- Port statistics 32
- Figure 6 4 1 33
- Port description 33
- Port description can make a sign to the port which is convenient for you to find any useful information quickly 33
- Storm control 33
- Understanding storm control 33
- Figure 6 5 1 34
- Set and view limit of broadcast multicast unknown unicast flood level on port 34
- Chapter7 redundancy 35
- Introduction to lacp 35
- Introduction to link aggregation 35
- Understanding etherchannels 35
- Understanding load balancing and forwarding methods 36
- Link aggregation 37
- Basic concepts in smart link 38
- Master port 38
- Slave port 38
- Smart link group 38
- Basic concepts in monitor link 39
- Downlink port 39
- Monitor link group 39
- Smart monitor link 39
- Uplink port 39
- Introduce rrpp 40
- Rrpp domain 40
- Master node 41
- Rrpp control vlan 41
- Rrpp protected vlan 41
- Rrpp ring 41
- Common port and edge port 42
- Edge node and assistant edge node 42
- Primary port and secondary port 42
- Transit node 42
- Stp overview 44
- Background of mstp 47
- Mstp overview 47
- Basic mstp terminologies 48
- Principle of mstp 50
- Mstp implementation on switches 51
- Stp configure 52
- Stp related standards 52
- Mst configure 53
- Mstp port 54
- Acl overview 57
- Chapter8 security 57
- Understanding access control parameters 57
- Acl config 58
- Introduction to vlan 59
- Time range 59
- Advantages of vlans 60
- Mac config 62
- Introduction to mac address learning 63
- Introduction to mac address table 63
- Mac address overview 63
- Managing mac address table 63
- Mac address filter 64
- Static mac address 64
- Mac address learn 65
- Architecture of 802 x authentication 66
- Introduction to 802 x 66
- Mac aging time 66
- The mechanism of an 802 x authentication system 68
- X config 68
- X local 70
- X port 70
- Dhcp ip address assignment 71
- Introduction to dhcp 71
- Ip address assignment policy 71
- Obtaining ip addresses dynamically 72
- Updating ip address lease 72
- Dhcp packet format 73
- Dhcp snooping configuration 73
- Introduction to dhcp snooping 73
- Introduction to dhcp snooping trusted untrusted ports 73
- Overview of dhcp snooping option 82 73
- Protocol specification 73
- Overview of ip filtering 74
- Dhcp configuration 75
- Dhcp bind 76
- Dhcp server trust 77
- Option82 config 78
- Option82 policy 78
- Arp function 79
- Arp message format 79
- Arp table 79
- Introduction to arp 79
- Introduction to arp attack detection 80
- Introduction to arp packet rate limit 80
- Introduction to arp source mac address consistency check 80
- Arp config 81
- Arp limite rate 83
- Chapter9 qos 85
- Introduction to qos 85
- New applications and new requirements 85
- Traditional packet forwarding service 85
- Introduction to qos features 86
- Priority trust mode 86
- Traffic classification 86
- Configuring priority trust mode 87
- Priority marking 87
- Configuring queue scheduling 88
- Dscp queue mapping 89
- Qos information 89
- P queue mapping 91
- Port default priority 92
- Queue scheduling 92
- Chapter10 multicast 94
- Igmp versions 94
- Joining a multicast group 94
- Leaving a multicast group 94
- Understanding igmp snooping 94
- Igmp report suppression 95
- Immediate leave processing 95
- Igmp snooping 96
- Understanding multicast vlan registration 96
- Cross vlan 97
- Igmp route port 98
- Igmp port policy 99
- Igmp group policy 100
- Igmp version 101
- Chapter11 network analysis 102
- Port mirror 102
- Chapter12 ipstack 104
- Introduction to ipstack 104
- Ipstack 104
- Batch update 105
- Topology 106
- Chapter13 network euipment 107
- Loopback detection 107
- Chapter14 advanced setup 109
- Introduction to gvrp 109
- Operating mechanism of garp 109
- Gvrp config 110
- Protocol specifications 110
- Gvrp vlan info 111
- Ssh configuration 112
- Ssh auth and import 113
- Ssh user auth mode 113
- Figure 14 2 3 114
- Selective qinq overview 114
- Ssh authentication mode settings ssh authentication mode settings authentication mode password publickey or both username input username user host ip input user host ip pulbic key algorithm set algorithnm of publicy key rsa or dsa key file choose a key file 114
- Chapter15 save parameters 116
- But can t communication 117
- Can t login to manage switch 117
- Chapter16 faq 117
- Link status indicator don t shows normal link error 117
- Link status indicator show normal 117
- Switch start up failure 117
- Power failure 118
Похожие устройства
- Netis ST3326(ST-3302) Технические характеристики
- Bosch tas 4504 Инструкция по эксплуатации
- Bosch mcm 3100w Инструкция по эксплуатации
- Netis ST3328(ST-3303) Технические характеристики
- Bosch mcm 3200w Инструкция по эксплуатации
- Netis ST3324G(ST3305) Инструкция по эксплуатации
- Bosch mum 57830 Инструкция по эксплуатации
- Netis ST3324GF(ST3306) Инструкция по эксплуатации
- Bosch mum 57860 Инструкция по эксплуатации
- Bosch mum xl40g Инструкция по эксплуатации
- Bosch tds 2241 Инструкция по эксплуатации
- Netis PE6110 Инструкция по эксплуатации
- Netis PE6328GF Инструкция по эксплуатации
- Netis PE6310H Инструкция по эксплуатации
- Netis PE6310GFH Инструкция по эксплуатации
- Netis PE6310GF Инструкция по эксплуатации
- Netis PE6310 Инструкция по эксплуатации
- Netis PE6108GH Инструкция по эксплуатации
- Netis PE6108G Инструкция по эксплуатации
- Netis PE6108H(PE-6201) Инструкция по эксплуатации