![АМАТЕК AN-SGM28P24-400 [75/322] Brief introduction](/img/pdf.png)
АМАТЕК AN-SGM28P24-400 [75/322] Brief introduction
![АМАТЕК AN-SGM28P24-400 [75/322] Brief introduction](/views2/1774597/page75/bg4b.png)
74 / 322
5.1 brief introduction
Configuring IP and MAC binding on Layer 2 switch ports is a static defense against ARP
attacks。ARP attackers attack MAC users by sending ARP messages with false MAC addresses,
which causes the local ARP cache table to be covered by the attacker's address, so that the normal
data flows to the attacker。In the switch port configuration command static binding user IP address
and MAC address can effectively filter ARP attack packets。
In addition to anti-ARP spoofing function, IP MAC binding function can protect the IP and
MAC one by one mapping relationship, that is an IP can only correspond to a MAC, a MAC can
only correspond to an IP, if then The incoming device modifies this mapping, and it will not be
able to communicate in this network。802.1x anti ARP spoofing function and DHCP SNOOPING
protocol are the dynamic implementation of this function。
The four functions of IP MAC binding, ACL, 802.1x anti ARP spoofing and DHCP
SNOOPING all use the same system resource CFP, and pay attention to whether the resources of
CFP are exhausted when configuring。We have developed a compatibility relationship between
them in the design。Following table:
IP MAC
binding
ACL 802.1x DHCP SNOOPING
IP MAC binding
compatible
Incompatible
compatible
compatible
ACL
Incompatible
compatible
Incompatible
Incompatible
802.1x
compatible
Incompatible
compatible
Incompatible
DHCP
SNOOPING
compatible Incompatible Incompatible compatible
CFP is a limited hardware resource, the average to each port can only be configured 16 IP
MAC binding entries, so in a network access to a host if only a few ports or a small number of IP
and MAC addresses need to be controlled, you can use static The IP MAC binding function。
Avoiding CFP function exhaustion leads to data forwarding failure。
In addition, as for the use of 802.1x or DHCP SNOOPING protocol, depending on the
current situation, if you use a static IP address configuration and use the 802.1x protocol to access
the network to use 801.1x anti-ARP spoofing can be effective, if the use of dynamic access to IP
address , Use the DHCP SNOOPING protocol。
5.2 IP and MAC binding configurations
IP binds to MAC in the interface mode configuration
Configuring port IP and MAC bindingSwitch#configure terminal
Switch(config)#interface ge1/1
Switch(config-ge1/1)#ip mac-bind A.B.C.D MAC
Delete port IP and MAC binding
Switch#configure terminal
Switch(config)#interface ge1/1
Switch(config-ge1/1)#no ip mac-bind A.B.C.D MAC
Содержание
- Gigabit managed switch cli command manual 1
- Catalog 2
- Ipv6 display and maintenance 321 13
- First chapters 14
- Introduction of cli command line 14
- Access switch cli 15
- Users access cli through console port 15
- Users access cli through telnet 16
- Cli mode introduction 17
- Identification of cli mode 18
- The role of cli model 18
- Classification of cli patterns 19
- Command composition 21
- Introduction to command syntax 21
- Command syntax rules 22
- Parameter type 22
- Command abbreviation 23
- Command line error message 24
- Grammar help 24
- Command line shortcuts 25
- Line edit shortcut key 25
- Display command shortcut key 26
- History command 26
- Multi user management control 27
- Second chapters 27
- System management configuration 27
- System security configuration 27
- Tacacs authentication authorization 29
- Anonymous user password control 31
- Enable password control 32
- Snmp service control 34
- Telnet service control 34
- Http service control 35
- Ssh service control 36
- System maintenance and debugging 36
- Configure the host name of the system 37
- Configuring the system clock 37
- Configure terminal timeout attributes 38
- System reset 38
- Network connectivity debugging 39
- View system information 39
- Detecting line distance 40
- Traceroute debugging 40
- Telnet client 41
- Udld configuration 41
- Configuration file management 42
- Save configuration 43
- View configuration information 43
- Delete configuration file 44
- Download configuration files 44
- Software version upgrade 47
- Software upgrade process 48
- Software version upgrade commands 48
- The switch can not be switched off during the upgrade process 50
- Port configuration 51
- Third chapters 51
- Common configuration for ports 52
- Display port information 52
- Port rate configuration 52
- Configuration mirror 53
- Configuration of the mirror listen on port and 53
- Configuration of the mirror listen on port and is listening on port 53
- Is listening on port 53
- Configuring storm control 54
- Display the configuration of mirror 54
- Broadcast suppression configuration 55
- Default configuration 55
- Multicast suppression configuration 55
- Configuring storm constrain 56
- Display storm control configuration 56
- Dlf suppression configuration 56
- Inhibition rate configuration 56
- Configuring flow control 59
- Default configuration 59
- Closed port flow control 60
- Configuring port bandwidth 60
- Display flow control information 60
- Set port receive and send side flow control 60
- Bandwidth control 61
- Bandwidth control of display port configuration 61
- Cancellation of port transmit or receive 61
- Cancellation of port transmit or receive bandwidth control 61
- Default configuration 61
- Set port send or receive bandwidth control 61
- Configuring trunk 62
- Lacp protocol configuration 62
- Configuration of trunk group 64
- Trunk group member port configuration 64
- Display of trunk 65
- Trunk load balancing policy configuration 65
- Configuration of redundant ports 66
- Configure super large frame 66
- Configuring redundant ports 66
- Oversize configuration 66
- Oversize introduction 66
- Display of redundant ports 67
- Configuring lldp 68
- Lldp configuration 68
- Lldp display 69
- Brief introduction 70
- Fourth chapters 70
- Port based mac security 70
- Mac binding configuration 71
- Mac filter configuration 71
- Port learning constraint configuration 72
- Fifth chapters 74
- Port ip and mac binding 74
- Brief introduction 75
- Ip and mac binding configurations 75
- Configuration example 76
- Configuration misarrangement 77
- Sixth chapters 78
- Vlan configuration 78
- Vlan introduce 78
- The benefits of vlan 79
- Vlan id 80
- Default vlan of port 81
- Port vlan mode 81
- Vlan port member type 81
- Data flow is forwarded in vlan 82
- Vlan relay 82
- Creating and deleting vlan 84
- Vlan configuration 84
- Configuring port vlan mode 85
- Vlan configuration of access mode 86
- Vlan configuration of trunk mode 87
- Hybrid mode vlan configuration 88
- View vlan information 89
- Vlan based on port 90
- Vlan configuration example 90
- See if the port connecting a particular pc machine is within the specified vlan 91
- Vlan based on 802 q 91
- Mac ip subnet protocol vlan 93
- Voice vlan 94
- Vlan mapping 96
- Qos configuration 99
- Seventh chapters 99
- Qos introduce 100
- Qos based on cos 101
- Qos based on dscp 101
- Default configuration for qos 102
- Policy based qos 102
- Qos configuration 102
- Configuration scheduling mode 103
- Configure the mapping relationship between 104
- Configure the mapping relationship between dscp and qosprofile 104
- Configuring port qos 104
- Configuring queue weights 104
- Dscp and qosprofile 104
- Configuring the port user priority cos value 107
- Example of basic qos configuration 107
- Policy qos configuration example 108
- Eighth chapters 109
- Mstp configuration 109
- Ist cist and cst 110
- Mstp introduce 110
- Multiple spanning tree domains 110
- Overview 110
- Intra domain operation 111
- Hop count 112
- Inter domain operation 112
- Boundary port 113
- Mstp 802 d and stp interoperability 113
- Port role 114
- A brief introduction to 802 d spanning tree 116
- Default configuration 8 default configuration 117
- Mstp configuration 117
- General configuration 118
- Domain configuration 120
- Instance configuration 121
- Port configuration 121
- Portfast related configuration 124
- Root guard configuration 125
- Mstp configuration example 126
- Eaps configuration 128
- Ninth chapters 128
- Basic concepts of eaps 129
- Eaps brief introduction 129
- Eaps protocol introduction 129
- Link down alarm 130
- Loop inspection 130
- Extreme compatible with eaps 131
- Multi eaps domain 131
- Ring restoration 131
- A brief introduction to the eaps command 132
- Eaps configuration 132
- Restrictive conditions 132
- Eaps configuration command 133
- Single loop configuration example 134
- Example of cross ring data forwarding configuration 139
- Erps configuration 143
- Erps node 143
- Erps overview 143
- Erps ring 143
- Introduction of erps technology 143
- Tenth chapters 143
- Erps vlan 144
- Link and channel 144
- Erps working principle 145
- Link failures 145
- Normal state 145
- Link recovery 146
- Erps load balancing 147
- Good safety 147
- Technical features of erps 147
- Erps protocol command 148
- Multi loop intersecting is supported 148
- Example of single ring 150
- Typical use of erps 150
- Multi ring example 154
- Multi instance load balancing example 159
- Aaa configuration 168
- Eleventh chapters 168
- 802 x introduce 169
- 802 x device composition 170
- Brief introduction of protocol package 171
- Protocol flow interaction 172
- 802 x port state 174
- Brief introduction of protocol package 175
- Radius introduce 175
- Protocol flow interaction 177
- User authentication method 178
- 802 x default configuration 179
- Configuring 802 x 179
- Configuring 802 x port status 180
- Start and close 802 x 180
- Configuring 802 x port authentication 181
- Configuring 802 x port guest vlan 181
- Configuration re authentication mechanism 182
- Maximum number of configuration port access host 182
- Configuration port is the transport port 183
- Configure interval times and resend times 183
- 0 configuring the 802 x client version number 184
- 1 configure whether to check the client version 184
- 1 configure whether to check the client version number 184
- 2 configuration authentication method 184
- Number 184
- 3 configure whether to check the client s timing packet 185
- 4 display 802 x information 185
- Configuration radius 185
- Configuring the ip address of the authentication 186
- Configuring the ip address of the authentication server 186
- Radius default configuration 186
- Server 186
- Configuring radius ports and attribute information 187
- Configuring shared keys 187
- Start and close billing 187
- Configuration example 188
- Configuring radius roaming function 188
- Display radius information 188
- Gmrp introduce 189
- Gmrpconfiguration 189
- Twelfth chapters 189
- Configuration gmrp 190
- Open gmrp settings 190
- View gmrp information 190
- Examples of typical gmrp configurations 191
- Igmp snooping introduce 192
- Snooping configuration 192
- Thirteenth chapters 192
- Igmp snooping processing 193
- Join a group 194
- Second layer dynamic multicast 194
- Query query 195
- Report 195
- Switch 195
- Leave a group 196
- Query query 196
- Report 196
- Switch 196
- Igmp snooping configuration 197
- Igmp snooping default configuration 197
- Open and close igmp snooping 197
- Configuration fast leave 198
- Configuration survival time 198
- Configuration mrouter 199
- Display information 199
- The igmp snooping configuration example 200
- Fourteenth chapters 201
- Mvr configuration 201
- Configuration mvr 202
- Mvr profile 202
- Mvr configuration example 203
- Dhcp snooping configuration 205
- Dhcp snooping introduce 205
- Fifteenth chapters 205
- Dhcp snooping binding table 206
- Dhcp snooping processing 206
- Dhcp snooping specifies the physical port of 207
- Dhcp snooping specifies the physical port of the linked server 207
- The linked server 207
- Dhcp snooping binding list is uploaded and 208
- Dhcp snooping binding list is uploaded and downloaded 208
- Dhcp snooping configuration 208
- Dhcp snooping default configuration 208
- Downloaded 208
- Global open and close dhcp snooping 208
- Dhcp snooping binding list is uploaded and downloaded 209
- The interface opens and closes dhcp snooping 209
- Dhcp snooping configuration example 210
- Display information 210
- Configuration 211
- Dhcp snooping configuration error 212
- Mld snooping configuration 213
- Sixteenth chapters 213
- Mld snooping introduce 214
- Mld snooping processing 214
- Second layer dynamic multicast 215
- Join a group 216
- Leave a group 217
- Mld snooping configuration 218
- Mld snooping default configuration 218
- Open and close mld snooping 218
- Configuration fast leave 219
- Configuration survival time 219
- Configuration mrouter 220
- Display information 220
- Mld snooping configuration example 221
- Acl configuration 222
- Acl configuration acl configuration 222
- Seventeenth chapters 222
- Introduction of acl resource library 223
- Acl filtering introduction 225
- Acl repository configuration 227
- Acl based on time interval 229
- Acl configuration example 232
- Acl filter configuration 232
- Acl configuration debugging 234
- Configuring the vlan interface 235
- Eighteenth chapters 235
- Tcp ip basic configuration 235
- Configuring arp 238
- Configuring static arp 238
- View arp information 239
- Configuring static routing 240
- Tcp ip basic configuration example 243
- Three layer interface 243
- Static routing 244
- Nineteenth chapters 245
- Snmp configuration 245
- Snmp introduce 246
- Snmp configuration 247
- Snmp configuration example 250
- Rmon configuration 251
- Rmon introduce 251
- Wwentieth chapters 251
- Rmon configuration 252
- Rmon configuration example 255
- Cluster configuration 256
- Cluster definition 256
- Introduction of cluster management 256
- Twenty first chapters 256
- Cluster role 257
- Ndp profile 258
- Ntdp profile 259
- Cluster management maintenance 260
- Brief introduction of cluster configuration 262
- Managing vlan 262
- Configuration management equipment 263
- Enable system and port ndp capabilities 263
- Capabilities 264
- Configuring ndp parameters 264
- Enable system and interface ntdp 264
- Enable system and interface ntdp capabilities 264
- Configure manual collection of ntdp information 265
- Configuring ntdp parameters 265
- Build clusters 266
- Enable cluster function 266
- Configure the cluster s internal members to 268
- Configure the cluster s internal members to interact 268
- Interact 268
- Configuration member device 269
- Configure manual collection of ntdp information 269
- Configuring access cluster members 269
- Configuring cluster member management 269
- Enable cluster function 269
- Enable system and port ndp capabilities 269
- Enable system and port ntdp capabilities 269
- Cluster management display and maintenance 270
- Administrator 271
- Example of cluster management typical configuration 271
- Fe1 1 fe1 1 271
- Fe1 3 fe1 2 271
- Mac 000f e201 0011 mac 000f e201 0013 271
- Mac 000f e201 0012 271
- Member 271
- Switcha 271
- Switchb 271
- Switchc 271
- System log configuration 273
- Twenty second chapters 273
- Format of log information 274
- System log introduction 274
- Log storage 276
- Debugging tools 277
- Log display 277
- Configuring terminal real time display switch 278
- System log configuration 278
- Configure debugging switch 279
- View log information 279
- View debugging information 281
- Configuration syslog 282
- Syslog introduce 282
- Syslog configuration 283
- Syslog configuration example 284
- Port loop 285
- Twenty third chapters 285
- Detection process 286
- Profile 286
- Protocol principle 286
- Recovery mode 286
- Configuration introduction 287
- Global configuration 287
- Protocol security 287
- Display configuration 288
- Interface configuration 288
- Sntp configuration 289
- Sntp introduce 289
- Twenty fourth chapters 289
- Configuration sntp 290
- Configuring sntp server address 290
- Default sntp settings 290
- Configure the sntp sync clock interval 291
- Configuring the local time zone 291
- Sntp information display 292
- Oam configuration 293
- Oam introduce 293
- Twenty fifth chapters 293
- Distal loopback 294
- Link performance monitoring 294
- Remote fault detection 294
- Configuration oam 295
- Typical configuration examples of oam 296
- Cfm configuration 297
- Twenty sixth 297
- Basic concepts of cfm 298
- Cfm profile 298
- Continuous testing function 301
- Link tracking function 301
- Loopback function 301
- Various functions of cfm 301
- Brief introduction of cfm configuration task 302
- Cfm base configuration 302
- Enable cfm function 302
- Configuration maintenance endpoint 303
- Configuration service instance 303
- Configuration maintenance intermediate point 304
- Configuration continuity detection function 305
- Configuration loopback function 305
- Configure various functions of cfm 305
- Cfm display and maintenance 306
- Configuring link tracking function 306
- Typical configuration examples 307
- Ipv6 basic configuration 311
- Ipv6 profile 311
- The characteristics of ipv6 protocol 311
- Twenty seventh chapters 311
- Ipv6 address introduction 313
- Ipv6 neighbor discovery protocol 315
- Ipv6 pmtu discovery 317
- Configure ipv6 basic functionality 318
- Configuring ipv6 unicast address 318
- Ipv6 basic configuration task profile 318
- Protocol specification 318
- Configuring ipv6 neighbor discovery protocol 319
- Configuring the parameters of the ra message 319
- Messages when configuring duplicate address detection 321
- The number of sending neighbor request 321
- The number of sending neighbor request messages when configuring duplicate address detection 321
- Ipv6 display and maintenance 322
- Ipv6 static routing configuration 322
Похожие устройства
- АМАТЕК AN-SM26P24 Список рекомендованных SFP модулей
- АМАТЕК AN-SM26P24 Паспорт
- АМАТЕК AN-SM26P24 Руководство пользователя
- АМАТЕК AN-S10P8G-150 Краткое Руководство
- АМАТЕК AN-S6P4D Краткое Руководство
- АМАТЕК APN-SX10P Краткое Руководство
- АМАТЕК AN-PEX Инструкция по эксплуатации
- АМАТЕК AN-PI30GL Инструкция по эксплуатации
- АМАТЕК AN-PI30 Инструкция по эксплуатации
- АМАТЕК AN-PSL Инструкция по эксплуатации
- АМАТЕК AN-PI60G Инструкция по эксплуатации
- АМАТЕК AN-PC Инструкция по эксплуатации
- АМАТЕК AR-HT41LNX 3G USB модем для работы с регистраторами. Список протестированных моделей
- АМАТЕК AR-HT41LNX Подключение WIFI модуля
- АМАТЕК AR-HT41LNX Настройка email уведомлений
- АМАТЕК AR-HT41LNX 3G USB модем. Инструкция по подключению к регистратору
- АМАТЕК AR-HT41LNX Копирование видеозаписи на USB накопитель
- АМАТЕК AR-HT41LNX Соединения по протоколу RTSP
- АМАТЕК AR-HT41LNX Краткая инструкция по эксплуатации
- АМАТЕК AR-HT41LNX Инструкция для сброса пароля Администратора
Скачать
Случайные обсуждения