![SNR S2989G-24TX-UPS — настройка DHCP Snooping для защиты сети и управления доступом [216/553]](/icons/site-icon-64.png){kind=icon}
SNR S2989G-24TX-UPS — настройка DHCP Snooping для защиты сети и управления доступом [216/553]
Превью страниц
Страница 216 /
553
![SNR S2989G-24TX-UPS Руководство по настройке онлайн [216/553] 747282](/views2/1978540/page216/bgd8.png)
S2989G-24TX Operation Manual
Chapter 3 IP services Configuration
3-54
SERVER or DHCP RELAY Proxy, and untrust ports are used to connect DHCP CLINET.
The switch will forward the DCHP request messages from untrust ports, but not DHCP
reply ones. If any DHCP reply messages is received from a untrust port, besides giving an
alarm, the switch will also implement designated actions on the port according to settings,
such as “shutdown”, or distributing a “blackhole”. If DHCP Snooping binding is enabled,
the switch will save binding information (including its MAC address, IP address, IP lease,
VLAN number and port number) of each DHCP CLINET on untrust ports in DHCP
snooping binding table With such information, DHCP Snooping can combine modules like
dot1x and ARP, or implement user-access-control independently.
Defense against Fake DHCP Server: once the switch intercepts the DHCP Server reply
packets(including DHCPOFFER, DHCPACK, and DHCPNAK), it will alarm and respond
according to the situation(shutdown the port or send Black hole)。
Defense against DHCP over load attacks: To avoid too many DHCP messages
attacking CPU, users should limit the DHCP speed of receiving packets on trusted and
non-trusted ports.
Record the binding data of DHCP: DHCP SNOOPING will record the binding data
allocated by DHCP SERVER while forwarding DHCP messages, it can also upload the
binding data to the specified server to backup it. The binding data is mainly used to
configure the dynamic users of dot1x user based ports. Please refer to the chapter
called“dot1x configuration” to find more about the usage of dot1x use-based mode.
Add binding ARP: DHCP SNOOPING can add static binding ARP according to the
binding data after capturing binding data, thus to avoid ARP cheating.
Add trusted users: DHCP SNOOPING can add trusted user list entries according to the
parameters in binding data after capturing binding data; thus these users can access all
resources without DOT1X authentication.
Automatic Recovery: A while after the switch shut down the port or send blockhole, it
should automatically recover the communication of the port or source MAC and send
information to Log Server via syslog.
LOG Function: When the switch discovers abnormal received packets or automatically
recovers, it should send syslog information to Log Server.
The Encryption of Private Messages: The communication between the switch and the
inner network security management system TrustView uses private messages. And the
users can encrypt those messages of version 2.
Add authentication option82 Function: It is used with dot1x dhcpoption82
authentication mode. Different option 82 will be added in DHCP messages according to
user’s authentication status.
Содержание
666- Chapter 1 basic management configuration 1 1
- Chapter 2 layer 2 services configuration 2 1
- Content 1
- Content
- Efm oam 2 31
- Uldp 2 11
- Mtu 2 30
- Lldp 2 17
- Vlan 2 58
- Gvrp 2 66
- Port security 2 47
- Lldp med 2 41
- Ddm 2 49
- Vlan 2 76
- Chapter 3 ip services configuration 3 1
- Vlan 2 85
- Vlan 2 80
- Arp 3 16
- Urpf 3 14
- Arp guard 3 26
- Dhcp 3 37
- Arp 3 30
- Configuration 4 1
- Ecmp 4 14
- Chapter 4 routing protocol related
- Bfd 4 19
- Vlan 5 45
- Igmp 5 28
- Configuration 5 25
- Chapter 6 security function configuration 6 1
- Chapter 5 multicast protocol related
- Vlan 6 45
- Tacacs 6 53
- Ssl 6 62
- Radius 6 55
- Vlan acl 6 66
- S 6 96
- S 6 113
- Mab 6 70
- Mstp 7 1
- Chapter 7 reliability configuration 7 1
- Ulsm 7 28
- Ulpp 7 20
- Q 6 121
- Mrpp 7 13
- Erps 7 32
- Chapter 8 debugging and diagnosis configuration
- Copp 8 6
- Vsf 10 1
- Chapter 9 network time management
- Chapter 10 virtualization configuration 10 1
- Sntp 9 1
- Rspan 8 23
- Ntp 9 3
- Configuration 9 1
- Ra 11 35
- Chapter 11 ipv6 configuration 11 1
- 38 11 11
- Savi 11 37
- Management options
- Chapter 1 basic management
- Switch management
- Configuration
- Management via telnet
- In band management
- Management via http
- Software
- Manage the switch via snmp network management
- Cli interface
- User mode
- Configuration modes
- Global mode
- Admin mode
- Shortcut key support
- Configuration syntax
- Returned information success
- Input verification
- Help function
- Basic switch configuration
- Basic configuration
- Telnet management
- Example of ssh server configuration
- Ssh server configuration task list
- Switch ip addresses configuration task list
- Configure switch ip addresses
- Snmp configuration
- Introduction to mib
- Snmp configuration task list
- Snmp configuration
- Introduction to rmon
- Typical snmp configuration examples
- Switch upgrade
- Bootrom upgrade
- Introduction to ftp tftp
- Ftp tftp upgrade
- Ftp tftp configuration task list
- Ftp tftp configuration
- Ftp tftp configuration examples
- Ftp tftp troubleshooting
- Tftp troubleshooting
- Ftp troubleshooting
- Introduction to file storage devices
- File system operation configuration task list
- File system
- Typical applications
- Troubleshooting
- Introduction to cluster network management
- Cluster
- Sequence
- Cluster network management configuration
- Examples of cluster administration
- Cluster administration troubleshooting
- Configuration
- Chapter 2 layer 2 services
- Port configuration
- Network port configuration task list
- Introduction to port
- Port configuration example
- Port troubleshooting
- Task sequence of port isolation
- Port isolation
- Introduction to port isolation function
- Port isolation function typical examples
- Introduction to port loopback detection
- Port loopback detection
- Function
- Task list
- Port loopback detection function configuration
- Port loopback detection function example
- Introduction to uldp function
- Port loopback detection troubleshooting
- Uldp configuration task sequence
- Uldp function typical examples
- Uldp troubleshooting
- Introduction to lldp function
- Lldp function configuration task sequence
- Lldp function typical example
- Lldp function troubleshooting
- Port channel
- Introduction to port channel
- Brief introduction to lacp
- Static lacp aggregation
- Port channel configuration task list
- Dynamic lacp aggregation
- Port channel examples
- Introduction to mtu
- Port channel troubleshooting
- Mtu configuration task sequence
- Introduction to efm oam
- Efm oam
- Efm oam configuration
- Efm oam troubleshooting
- Efm oam example
- Introduction to bpdu tunnel
- Bpdu tunnel
- Bpdu tunnel configuration task list
- Examples of bpdu tunnel
- Lldp med configuration task sequence
- Lldp med
- Introduction to lldp med
- Bpdu tunnel troubleshooting
- Lldp med example
- Introduction to port security
- Port security configuration task list
- Port security
- Lldp med troubleshooting
- Example of port security
- Port security troubleshooting
- Introduction to ddm
- Brief introduction to ddm
- Ddm function
- Ddm configuration task list
- Examples of ddm
- Introduction to vlan
- Ddm troubleshooting
- Vlan configuration task list
- Typical vlan application
- Typical application of hybrid port
- Introduction to gvrp
- Gvrp configuration task list
- Example of gvrp
- Introduction to dot1q tunnel
- Gvrp troubleshooting
- Dot1q tunnel
- Dot1q tunnel configuration
- Typical applications of the dot1q tunnel
- Vlan translation configuration
- Vlan translation
- Introduction to vlan translation
- Dot1q tunnel troubleshooting
- Typical application of vlan translation
- Vlan translation troubleshooting
- Dynamic vlan configuration
- Dynamic vlan
- Introduction to dynamic vlan
- Typical application of the dynamic vlan
- Dynamic vlan troubleshooting
- Voice vlan
- Introduction to voice vlan
- Voice vlan configuration
- Typical applications of the voice vlan
- Voice vlan troubleshooting
- Multi to one vlan translation configuration
- Multi to one vlan translation
- Introduction to multi to one vlan translation
- Typical application of multi to one vlan
- Translation
- Super vlan
- Multi to one vlan translation troubleshooting
- Introduction to super vlan
- Super vlan configuration
- Typical application of super vlan
- Vlan 3 vlan 4
- Super vlan troubleshooting
- Mac table
- Introduction to mac table
- Obtaining mac table
- Forward or filter
- Mac address table configuration task list
- Typical configuration examples
- Mac table troubleshooting
- Mac notification configuration
- Mac notification
- Introduction to mac notification
- Mac notification troubleshooting
- Mac notification example
- Layer 3 interface configuration task list
- Layer 3 interface
- Introduction to layer 3 interface
- Chapter 3 ip services configuration
- Ip configuration
- Introduction to ipv4 ipv6
- Ip configuration
- Ip configuration examples
- Configuration examples of ipv4
- Configuration examples of ipv6
- Ipv6 troubleshooting
- Ip forwarding
- Introduction to ip forwarding
- Ip route aggregation configuration task
- Introduction to urpf
- Urpf configuration task sequence
- Urpf typical example
- Urpf troubleshooting
- Introduction to arp
- Arp configuration task list
- Station movement
- L3 station movement configuration task list
- Introduction to l3 station movement
- Arp troubleshooting
- Introduction to arp scanning prevention
- Function
- Arp scanning prevention
- Sequence
- Arp scanning prevention configuration task
- Arp scanning prevention typical examples
- Arp scanning prevention troubleshooting help
- Overview
- Prevent arp spoofing
- Prevent arp spoofing configuration
- Prevent arp spoofing example
- Introduction to arp guard
- Arp guard
- Introduction to arp local proxy function
- Arp local proxy
- Arp guard configuration task list
- Typical examples of arp local proxy function
- Arp local proxy function configuration task
- Introduction to gratuitous arp
- Gratuitous arp configuration task list
- Gratuitous arp
- Arp local proxy function troubleshooting
- Gratuitous arp configuration example
- Configuration
- Introduction to dynamic arp inspection
- Gratuitous arp troubleshooting
- Dynamic arp inspection configuration task
- Dynamic arp inspection
- Example
- Dynamic arp inspection configuration
- Keepalive gateway configuration task list
- Keepalive gateway
- Introduction to keepalive gateway
- Keepalive gateway example
- Kepalive gteway troubleshooting
- Introduction to dhcp
- Dhcp server configuration
- Dhcp relay configuration
- Dhcp configuration examples
- Dhcp option 82
- Introduction to dhcp option 82
- Dhcp troubleshooting
- Option 82 working mechanism
- Dhcp option 82 message structure
- Dhcp option 82 configuration task list
- Dhcp option 82 application examples
- Introduction to dhcp snooping
- Dhcp snooping
- Dhcp option 82 troubleshooting
- Dhcp snooping configuration task sequence
- Dhcp snooping typical application
- Dhcp snooping troubleshooting help
- Task list
- Introduction to dhcp option 60 and option 43
- Dhcp option 60 and option 43 configuration
- Dhcp option 60 and option 43
- Dhcpv6 option 60 and option 43 example
- Dhcp option 60 and option 43 troubleshooting
- Routing protocol overview
- Configuration
- Chapter 4 routing protocol related
- Routing table
- Ip routing policy
- Ip routing policy configuration task list
- Configuration examples
- Troubleshooting
- Static route
- Introduction to static route
- Introduction to default route
- Static route configuration task list
- Static route configuration examples
- Introduction to black hole routing
- Ipv4 black hole routing
- Ipv4 black hole routing configuration task
- Black hole routing configuration exmaples
- Introduction to ecmp
- Black hole routing troubleshooting
- Ecmp typical example
- Ecmp configuration task list
- Static route implements ecmp
- Ospf implements ecmp
- Ecmp troubleshooting
- Introduction to bfd
- Bfd configuration task list
- Examples of bfd
- Example for linkage of bfd and rip route
- Example for linkage of bfd and vrrp
- Bfd troubleshooting
- Multicast
- Introduction to multicast
- Configuration
- Chapter 5 multicast protocol related
- Multicast address
- Ip multicast packet transmission
- Ip multicast application
- Introduction to igmp
- Igmp configuration task list
- Igmp configuration examples
- Introduction to igmp snooping
- Igmp troubleshooting
- Igmp snooping configuration task list
- Igmp snooping
- Igmp snooping examples
- Igmp proxy
- Introduction to igmp proxy
- Igmp snooping troubleshooting
- Igmp proxy configuration task list
- Igmp proxy examples
- Multicast vlan
- Introductions to multicast vlan
- Igmp proxy troubleshooting
- Multicast vlan configuration task list
- Multicast vlan examples
- Introduction to acl
- Configuration
- Chapter 6 security function
- Acl configuration task list
- Acl example
- Acl troubleshooting
- Introduction to 802 x
- The work mechanism of 802 x
- The encapsulation of eapol messages
- The encapsulation of eap attributes
- The authentication methods of 802 x
- Eap relay mode
- Eap termination mode
- The extension and optimization of 802 x
- The features of vlan allocation
- X configuration task list
- X application example
- Examples of ipv4 radius applications
- Examples of ipv6 radius application
- X troubleshooting
- Port vlan
- Of mac and ip in port vlan
- Introduction to the number limitation function
- The number limitation function of mac and ip in
- The number limitation function of mac and ip in
- Port vlan configuration task sequence
- The number limitation function of mac and ip in
- Port vlan typical examples
- The number limitation function of mac and ip in
- Port vlan troubleshooting help
- Introduction to am function
- Am function configuration task list
- Am function example
- Am function troubleshooting
- Tacacs configuration task list
- Tacacs
- Introduction to tacacs
- Tacacs scenarios typical examples
- Introduction to radius
- Tacacs troubleshooting
- Radius
- Radius configuration task list
- Radius typical examples
- Ipv4 radius example
- Ipv6 radiusexample
- Radius troubleshooting
- Introduction to ssl
- Basic element of ssl
- Ssl configuration task list
- Ssl typical example
- Ssl troubleshooting
- Vlan acl
- Introduction to vlan acl
- Vlan acl configuration task list
- Vlan acl configuration example
- Vlan acl troubleshooting
- Mab configuration task list
- Introduction to mab
- Mab example
- Switch2
- Switch1
- Pppoe intermediate agent
- Mab troubleshooting
- Introduction to pppoe intermediate agent
- Pppoe packet format
- Pppoe intermediate agent exchange process
- Trust port of pppoe intermediate agent
- Pppoe intermediate agent vendor tag frame
- Pppoe intermediate agent configuration task
- Pppoe intermediate agent typical application
- Captive portal authentication
- Pppoe intermediate agent troubleshooting
- Captive portal authentication configuration
- Captive portal authentication configuration
- Captive portal authentication examples
- Accounting function configuration
- Accounting function examples
- Switch1
- Switch
- Accounting function troubleshooting
- Free resource configuration
- Automatic page pushing after successful
- Authentication
- Automatic page pushing after successful
- Authentication example
- Authentication configuration
- Authentication troubleshooting
- Automatic page pushing after successful
- Introduction to qos
- Qos implementation
- Basic qos model
- Prio means to the obtainable int prio in classification flow or int prio set by the unrelated
- Note 2 drop the internal priority of the packets according to intp to intp map source int
- Note 1 int prio will be covered with the after setting set int prio of the specific color
- Figure 6 39 policing and remarking process
- Action with the color
- Action will cover set int prio of the unrelated action with the color
- And dscp value according to pass through cos pass through dscp
- Note 1 the ingress configures pass through cos pass through dscp to forbid the
- Internal priority and then forward the packets according to the priority queue weight and
- Figure 6 40 queuing and scheduling process
- Configure class map
- Algorith
- Value according to the final int prio of the packets decide whether rewrite l2 cos priority
- The drop precedence the following flowchart describes the scheduling operation
- Scheduling operation assigns the packets to different priority queues according to the
- Rewrite of l2 cos priority and dscp value at the egress obtain l2 cos priority and dscp
- Queuing and scheduling there are the internal priority for the egress packets the
- Queue management
- Qos configuration task list
- Qos example
- Qos troubleshooting
- Introduction to flow based redirection
- Flow based redirection
- Sequence
- Flow based redirection configuration task
- Flow based redirection troubleshooting help
- Flow based redirection examples
- Egress qos
- Introduction to egress qos
- Tos cos fields
- Sort packet traffic according to the
- Policy of egress
- Policy
- Packets
- Ingress egress
- Dual color or dual
- Drop different color
- Egress qos configuration
- Set egress cos mapping no
- Configuration
- Command resotores the default
- Egress qos examples
- Flexible qinq
- Egress qos troubleshooting help
- Introduction to flexible qinq
- Flexible qinq configuration task list
- Flexible qinq example
- Flexible qinq troubleshooting
- Introduction to mstp
- Chapter 7 reliability configuration
- Operations within an mstp region
- Operations between mst regions
- Port roles
- Mstp load balance
- Mstp configuration task list
- Mstp example
- Mstp troubleshooting
- Introduction to mrpp
- Mrpp protocol packet types
- Mrpp protocol operation system
- Mrpp configuration task list
- Mrpp typical scenario
- Mrpp troubleshooting
- Introduction to ulpp
- Ulpp configuration task list
- Ulpp typical examples
- Ulpp typical example1
- Ulpp typical example2
- Ulpp troubleshooting
- Introduction to ulsm
- Ulsm configuration task list
- Ulsm typical example
- Ulsm troubleshooting
- Introduction to erps
- Erps terminology
- Erps function
- Fault switchover
- Failure recovery
- Interconnection ring model
- Erps application
- Erps configuration
- Erps examples
- Erps troubleshooting
- Traceroute
- Monitor and debug
- Configuration
- Chapter 8 debugging and diagnosis
- Traceroute6
- Reload switch after specified time
- Reload switch after specifid time task list
- Logging
- Introduce to reload switch after specifid time
- Packets received and sent by cpu
- Introduction to debugging and diagnosis for
- Debugging and diagnosis for packets received
- And sent by cpu task list
- And sent by cpu
- Introduction to copp
- Copp configuration
- Copp configuration examples
- Copp configuration troubleshooting
- Source information format
- Priority
- Timestamp
- The content indicates the specific contents of the
- System information configure sequence
- Instructions
- Logbuffer output log
- Trapbuffer output log
- Loghost output log
- Record user operation commands
- Logfile output log
- Delete logs recorded by logbuffer or trapbuffer
- Erratum
- Mirror configuration task list
- Mirror
- Introduction to mirror
- Mirror examples
- Device mirror troubleshooting
- Introduction to rspan
- Rspan configuration task list
- Typical examples of rspan
- Rspan troubleshooting
- Introduction to sflow
- Sflow configuration task list
- Sflow examples
- Sflow troubleshooting
- Introduction to sntp
- Configuration
- Chapter 9 network time management
- Typical examples of sntp configuration
- Ntp function configuration task list
- Introduction to ntp function
- Typical examples of ntp function
- Ntp function troubleshooting
- Introduction to dns
- Dnsv4 v6
- Dnsv4 v6 configuration task list
- Typical examples of dns
- Dns troubleshooting
- Recorded message to the technical service center of our company
- Summer time configuration task sequence
- Summer time
- Introduction to summer time
- Examples of summer time
- Summer time troubleshooting
- Chapter 10 virtualization configuration
- Basic concept
- Glossary
- Vsf typical application
- Lacp mad
- Bfd mad
- Relevant vsf configuration
- Lacp mad configuration
- Bfd mad configuration
- Typical vsf example
- Vsf troubleshooting
- Introduction to dhcpv6
- Dhcpv6
- Chapter 11 ipv6 configuration
- Dhcpv6 server configuration
- Dhcpv6 relay delegation configuration
- Dhcpv6 prefix delegation server configuration
- Dhcpv6 prefix delegation client configuration
- Dhcpv6 configuration examples
- Introduction to dhcpv6 option37 38
- Dhcpv6 troubleshooting
- Dhcpv6 option37 38
- Dhcpv6 option37 38 configuration task list
- Dhcpv6 option37 38 examples
- Dhcpv6 relay option37 38 example
- Dhcpv6 option37 38 troubleshooting
- Prevent nd spoofing configuration
- Prevent nd spoofing
- Overview
- Prevent nd spoofing example
- Ipv6 black hole routing configuration task
- Ipv6 black hole routing
- Introduction to black hole routing
- Black hole routing configuration exmaples
- Black hole routing troubleshooting
- Ipv6 multicast protocol
- Mld configuration task list
- Mld typical application
- Mld troubleshooting help
- Mld snooping
- Mld snooping examples
- Mld snooping troubleshooting
- Ipv6 security ra configuration task sequence
- Ipv6 security ra
- Introduction to ipv6 security ra
- Ipv6 security ra typical examples
- Ipv6 security ra troubleshooting help
- Savi configuration
- Introduction to savi
- Savi typical application
- Enable
- Switch1 config
- Respectively connect with port ethernet1 0 12 of switch1 and port ethernet1 0 13 of
- Ethernet1 0 2 are uplink ports of switch1 and switch2 respectively enable dhcp trust
- Configuration steps of savi dhcp slaac scene
- Client_1 and client_2 means two different user s pc installed ipv6 protocol
- And nd trust functions aggregation switch3 enables dhcpv6 server function and route
- Advertisement function
- Switch2 and enable the source address check function of savi ethernet1 0 1 and
- Switch1 config savi ipv6 dhcp slaac enable
- Switch1 config savi enable
- Switch1 config savi check binding probe mode
- Switch1 config interface ethernet1 0 1
- Switch1 config if ethernet1 0 1 ipv6 nd snooping trust
- Switch1 config if ethernet1 0 1 ipv6 dhcp snooping trust
- Savi troubleshooting
Похожие устройства
-
SNR S2985G-8T-RPSРуководство по настройке -
SNR S2985G-8T-RPSТехническое Описание -
SNR S2985G-8T-UPSРуководство по настройке
-
SNR S2985G-8T-UPSТехническое Описание
-
SNR S2982G-24TРуководство по настройке -
SNR S2982G-24TТехническое Описание -
SNR SNR-S2985G-8TРуководство по настройке
-
SNR SNR-S2985G-8TТехническое Описание
-
SNR S2985G-24TC-DCРуководство по настройке
-
SNR S2985G-24TC-DCТехническое Описание
-
SNR S2989G-48TX-DCРуководство по Настройке -
SNR S2989G-48TX-DCТехническое Описание
Узнайте, как настроить DHCP Snooping для защиты от подделки серверов и атак на сеть. Обеспечьте безопасность и контроль доступа к ресурсам с помощью эффективных методов.