Enterasys Enterasys SecureStack B2 B2G124-24 Dokumentacja Strona 493
- Strona / 600
- Spis treści
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
SecureStack B2 Configuration Guide 18-1
18
DHCP Snooping and
Dynamic ARP Inspection
Thischapterdescribestwosecurityfeatures:
•DHCPsnooping,whichmonitorsDHCPmessagesbetweenaDHCPclientandDHCPserver
tofilterharmfulDHCPmessagesandtobuildadatabaseofauthorizedaddressbindings
• DynamicARPinspection,whichusesthebindingsdatabasecreatedbytheDHCPsnooping
featuretorejectinvalidand
maliciousARPpackets
DHCP Snooping Overview
DHCPsnoopingmonitorsDHCPmessagesbetweenDHCPclientsandDHCPserverstofilter
harmfulDHCPmessagesandtobuildabindingsdatabaseof{MACaddress,IPaddress,VLAN
ID,port}tuplesthatareconsideredauthorized.
DHCPsnoopingisdisabledgloballyandonallVLANsbydefault.Portsareuntrustedbydefault.
DHCPsnoopingmustbeenabledgloballyandonspecificVLANs.PortswithintheVLANsmust
beconfiguredastrustedoruntrusted.DHCPserversmustbereachedthroughtrustedports.
DHCPsnoopingenforcesthefollowingsecurityrules:
•DHCPpacketsfromaDHCPserver(DHCPOFFER,DHCPACK,DHCPNAK)aredroppedif
receivedonanuntrustedport.
•DHCPRELEASEandDHCPDECLINEmessagesaredroppediftheyareforaMACaddress
inthesnoopingdatabasebutthebindingʹsinterfaceinthedatabaseisdifferentfromthe
interfacewherethemessagewasreceived.
•Onuntrustedinterfaces,theswitchdropsDHCPpacketswhosesource
MACaddressdoesnot
matchtheclienthardwareaddress.Thisfeatureisaconfigurableoption.
DHCP Message Processing
ThehardwareidentifiesallincomingDHCPpacketsonportswhereDHCPsnoopingisenabled.
Onuntrustedports,thehardwaretrapsallincomingDHCPpacketstotheCPU.Ontrustedports,
For information about... Refer to page...
DHCP Snooping Overview 18-1
DHCP Snooping Commands 18-4
Dynamic ARP Inspection Overview 18-16
Dynamic ARP Inspection Commands 18-20
- Enterasys 1
- SecureStack 1
- Contents 7
- Chapter 7: Port Configuration 10
- Chapter 8: SNMP Configuration 12
- About This Guide 27
- Related Documents 28
- Getting Help 29
- Introduction 31
- Factory Default Settings 32
- 1-4 Introduction 34
- Starting a CLI Session 35
- Logging In 36
- CLI Command Modes 37
- Performing Keyword Lookups 37
- Displaying Scrolling Screens 38
- Basic Line Editing Commands 39
- 1-10 Introduction 40
- Important 42
- Feature Support 45
- Configuration 45
- 3-4 Basic Configuration 56
- 3-6 Basic Configuration 58
- 3-8 Basic Configuration 60
- B2(rw)->clear ip address 64
- B2(su)->show ip protocol 64
- 3-18 Basic Configuration 70
- B2(su)->show time 71
- THU SEP 05 09:21:57 2002 71
- B2(su)->set time 7:50:00 71
- 3-20 Basic Configuration 72
- _minutes] 73
- timeofonehour: 73
- 02:00 60 74
- B2(su)->clear summertime 74
- 3-24 Basic Configuration 76
- 3-26 Basic Configuration 78
- B2(su)->set width 50 80
- B2(su)->set length 50 80
- B2(su)->set logout 10 81
- Downloading a Firmware Image 82
- 3-32 Basic Configuration 84
- Reverting to a Previous Image 85
- 3-34 Basic Configuration 86
- 3-36 Basic Configuration 88
- 3-40 Basic Configuration 92
- 3-42 Basic Configuration 94
- 3-44 Basic Configuration 96
- B2(rw)->set tftp retry 3 98
- B2(rw)-> clear tftp retry 98
- Clearing and Closing the CLI 99
- Resetting the Switch 100
- Using and Configuring WebView 102
- B2(rw)->show webview 103
- WebView is Enabled 103
- 3-52 Basic Configuration 104
- 3-54 Basic Configuration 106
- Activating Licensed Features 107
- Commands 108
- Parameters 109
- Defaults 109
- Policy licensedfeature: 111
- Configuring CDP 119
- Examples 121
- Overview 131
- Configuration Tasks 132
- Port Configuration 149
- Reviewing Port Status 151
- 7-8 Port Configuration 156
- Setting Speed and Duplex Mode 158
- 7-12 Port Configuration 160
- 7-14 Port Configuration 162
- 7-16 Port Configuration 164
- 166
- Setting Flow Control 167
- 7-22 Port Configuration 170
- 7-26 Port Configuration 174
- 7-28 Port Configuration 176
- Port Mirroring 181
- 7-36 Port Configuration 184
- LACP Operation 186
- LACP Terminology 187
- 7-44 Port Configuration 192
- 7-46 Port Configuration 194
- Configuring Protected Ports 200
- 7-54 Port Configuration 202
- 7-56 Port Configuration 204
- SNMP Configuration 205
- SNMP Configuration Summary 206
- 8-2 SNMP Configuration 206
- Reviewing SNMP Statistics 207
- 8-6 SNMP Configuration 210
- 8-10 SNMP Configuration 214
- 8-12 SNMP Configuration 216
- 8-14 SNMP Configuration 218
- 8-18 SNMP Configuration 222
- Configuring SNMP MIB Views 223
- 8-24 SNMP Configuration 228
- 8-26 SNMP Configuration 230
- About SNMP Notify Filters 232
- 8-30 SNMP Configuration 234
- 8-32 SNMP Configuration 236
- 8-34 SNMP Configuration 238
- Row status = active 240
- 8-38 SNMP Configuration 242
- Spanning Tree Configuration 243
- Spanning Tree Features 244
- Loop Protect 244
- Force Version is mstp 250
- BPDU forwarding is disabled 251
- Spanguard is disabled 267
- Spanguard timeout: 300 269
- Port fe.1.1 is Unlocked 270
- Legacy Path Cost is disabled 273
- 802.1Q VLAN Configuration 297
- Viewing VLANs 298
- B2(su)->clear vlan 9 302
- Setting the Host VLAN 314
- B2(su)->set host vlan 7 315
- B2(su)->clear host vlan 315
- How It Works 316
- Purpose 317
- Configuring Policy Profiles 341
- About CoS-Based Flood Control 359
- B2(rw)->show cos state 361
- B2(su)->clear cos state 362
- 368
- B2(su)->show cos unit irl 374
- Configuring Port Priority 377
- IGMP Configuration 391
- Configuring IGMP at Layer 2 392
- 14-4 IGMP Configuration 394
- 14-6 IGMP Configuration 396
- 14-8 IGMP Configuration 398
- 14-10 IGMP Configuration 400
- Configuring System Logging 401
- Table 15-35 406
- B2(su)->show history 413
- History buffer size: 20 413
- B2(su)->set history 30 413
- [-d] [-n] [-v] host 419
- B2(su)->show mac agetime 422
- Aging time: 300 seconds 422
- B2(su)->clear mac agetime 423
- B2(su)->clear sntp client 430
- asan SNTPserver: 430
- fromtheSNTPserverlist: 431
- fromUTC 433
- Configuring Node Aliases 435
- RMON Configuration 439
- Design Considerations 440
- Statistics Group Commands 441
- 16-4 RMON Configuration 442
- History Group Commands 444
- Alarm Group Commands 447
- 16-12 RMON Configuration 450
- Event Group Commands 451
- Filter Group Commands 455
- Example 456
- "capture all" 457
- Packet Capture Commands 460
- 16-24 RMON Configuration 462
- DHCP Server Configuration 463
- Configuring a DHCP Server 464
- B2(rw)->set dhcp enable 466
- Configuring IP Address Pools 473
- DHCP Snooping and 493
- Dynamic ARP Inspection 493
- DHCP Snooping Overview 494
- Rate Limiting 495
- Basic Configuration 495
- DHCP Snooping Commands 496
- Functional Description 508
- Static Mappings 509
- Logging Invalid Packets 509
- Packet Forwarding 509
- Example Configuration 511
- DHCP Snooping Configuration 512
- Configuring RADIUS 527
- B2(su)->set eapol enable 543
- Switchcommand,read‐write 556
- Configuring MAC Locking 574
- About PWA 585
- B2(su)->clear pwa banner 589
- Guest Password: ********* 592
- B2(su)->set ssh disable 598
- Index -1 599
- Index - 2 600
Powiązane produkty i podręczniki dla Switche sieciowe Enterasys Enterasys SecureStack B2 B2G124-24
(7 strony)
Switche sieciowe Enterasys 9A686-04 Dokumentacja
(82 strony)
(82 strony)
© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.075 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji