Ip-Mac-Port Binding (Impb) (Ei Mode Only); Impb Global Settings - D-Link DGS-3120-24TC Product Manual

xStack® DGS-3120 Series Managed Switch Web UI Reference Guide
MalformedResponses
BadAuthenticators
PendingRequests
Timeouts
UnknownTypes
PacketsDropped
Click the Clear button to clear the current statistics shown.

IP-MAC-Port Binding (IMPB) (EI Mode Only)

The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these
two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC-
port binding is to restrict the access to a switch to a number of authorized users. Authorized clients can access a
switch's port by either checking the pair of IP-MAC addresses with the pre-configured database or if DHCP
snooping has been enabled in which case the switch will automatically learn the IP/MAC pairs by snooping DHCP
packets and saving them to the IMPB white list. If an unauthorized user tries to access an IP-MAC binding enabled
port, the system will block the access by dropping its packet. For the xStack
and inactive entries use the same database. The maximum number of entries is 510. The creation of authorized
users can be manually configured by CLI or Web. The function is port-based, meaning a user can enable or disable
the function on the individual port.

IMPB Global Settings

Users can enable or disable the Trap/Log State and DHCP Snoop state on the Switch. The Trap/Log field will
enable and disable the sending of trap/log messages for IP-MAC-port binding. When enabled, the Switch will send
a trap message to the SNMP agent and the Switch log when an ARP packet is received that doesn't match the IP-
MAC-port binding configuration set on the Switch.
To view this window, click Security > IP-MAC-Port Binding (IMPB) > IMPB Global Settings as shown below:
The fields that can be configured are described below:
Parameter
Trap / Log
The number of malformed RADIUS Accounting-Response packets received from this
server. Malformed packets include packets with an invalid length. Bad authenticators
and unknown types are not included as malformed accounting responses.
The number of RADIUS Accounting-Response packets, which contained invalid
authenticators, received from this server.
The number of RADIUS Accounting-Request packets sent to this server that have not
yet timed out or received a response. This variable is incremented when an
Accounting-Request is sent and decremented due to receipt of an Accounting-
Response, a timeout or a retransmission.
The number of accounting timeouts to this server. After a timeout the client may retry
to the same server, send to a different server, or give up. A retry to the same server is
counted as a retransmit as well as a timeout. A send to a different server is counted
as an Accounting-Request as well as a timeout.
The number of RADIUS packets of unknown type which were received from this
server on the accounting port.
The number of RADIUS packets, which were received from this server on the
accounting port and dropped for some other reason.
Figure 8–19 IMPB Global Settings
Description
Click the radio buttons to enable or disable the sending of trap/log messages for IP-
MAC-port binding. When Enabled, the Switch will send a trap message to the SNMP
agent and the Switch log when an ARP packet is received that doesn't match the IP-
®
DGS-3120 series of switches, active
209