Arp Inspection - TP-Link T1600G-18TS Configuration Manual

Configuring Network Security Network Security
Figure 1-1 Network Topology of Basic DHCP Security
Legal DHCP Server
Trusted Port
Untrusted Port
Untrusted Port
Switch
Clients Illegal DHCP Server
Additionally, with DHCP Snooping, the switch can monitor the IP address obtaining process
of each client host and record the IP address, MAC address, VLAN ID and the connected
port number of the host for automatic binding.
 Option 82
Option 82 records the location of the DHCP client. The switch can add option 82 to the
DHCP request packet and then transmit the packet to the DHCP server. Administrators can
check the location of the DHCP client via option 82. The DHCP server supporting option 82
can also set the distribution policy of IP addresses and the other parameters, providing a
more flexible address distribution way.

ARP Inspection

In an actual complex network, there are high security risks during ARP implementation
procedure. The cheating attacks against ARP, such as imitating gateway, cheating gateway,
cheating terminal hosts and ARP flooding attack, frequently occur to the network. ARP
Inspection can prevent the network from these ARP attacks.
 Prevent ARP Cheating Attacks
Based on the predefined IP-MAC Binding entries, the ARP Inspection can be configured to
detect the ARP packets and filter the illegal ones so as to prevent the network from ARP
cheating attacks.
Configuration Guide 541