TP-Link T1700X-16TS User Manual page 207

Jetstream 12-port 10gbase-t smart switch with 4 10g sfp+ slots

Hide thumbs Also See for T1700X-16TS:

Installation manual (28 pages)

Installation manual (24 pages)

Installation manual (20 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

page of 281

/ 281
Contents
Table of Contents
Bookmarks

Table of Contents

Option 82 can contain 255 sub-options at most. If Option 82 is defined, at least a sub-option

should be defined. This switch supports two sub-options: Circuit ID and Remote ID. Since there is

no universal standard about the content of Option 82, different manufacturers define the

sub-options of Option 82 to their need. For this switch, the sub-options are defined as the following:

The Circuit ID is defined to be the number of the port which receives the DHCP Request packets

and its VLAN number. The Remote ID is defined to be the MAC address of DHCP Snooping

device which receives the DHCP Request packets from DHCP Clients.

DHCP Cheating Attack



During the working process of DHCP, generally there is no authentication mechanism between

Server and Client. If there are several DHCP servers in the network, network confusion and

security problem will happen. The common cases incurring the illegal DHCP servers are the

following two:

(1)

It's common that the illegal DHCP server is manually configured by the user by mistake.

(2)

Hacker exhausted the IP addresses of the normal DHCP server and then pretended to be

a legal DHCP server to assign the IP addresses and the other parameters to Clients. For

example, hacker used the pretended DHCP server to assign a modified DNS server

address to users so as to induce the users to the evil financial website or electronic trading

website and cheat the users of their accounts and passwords. The following figure

illustrates the DHCP Cheating Attack implementation procedure.

Figure 12-7 DHCP Cheating Attack Implementation Procedure

DHCP Snooping feature only allows the port connected to the DHCP Server as the trusted port to

forward all types of DHCP packets and thereby ensures that users get proper IP addresses. DHCP

Snooping is to monitor the process of the Host obtaining the IP address from DHCP server, and

record the IP address, MAC address, VLAN and the connected Port number of the Host for

automatic binding. The bound entry can cooperate with the ARP Inspection and the other security

protection features. DHCP Snooping feature prevents the network from the DHCP Server

Cheating Attack by discarding the DHCP response packets on the distrusted port, so as to

enhance the network security.

195

Table of Contents

TP-Link T1700X-16TS User Manual page 207

Related Manuals for TP-Link T1700X-16TS

Related Products for TP-Link T1700X-16TS

Table of Contents