Igmp Access Control Settings - D-Link DGS-3000 series Reference Manual

DGS-3000 Series Layer 2 Managed Gigabit Switch Web UI Reference Guide
TCP Null Scan
TCP Xmascan
TCP SYNFIN
TCP SYN Src Port Less
1024
Ping Death Attack
All
State
Action
DoS Trap State
DoS Log State
Click the Apply button to accept the changes made for each individual section.
Click the View Detail link to view more information regarding the specific entry.
After clicking the View Detail

IGMP Access Control Settings

Users can set IGMP authentication, otherwise known as IGMP access control, on individual ports on the Switch.
When the Authentication State is Enabled, and the Switch receives an IGMP join request, the Switch will send
the access request to the RADIUS server to do the authentication.
IGMP authentication processes IGMP reports as follows: When a host sends a join message for the interested
multicast group, the Switch has to do authentication before learning the multicast group/port. The Switch sends an
Access-Request to an authentication server and the information including host MAC, switch port number, switch IP,
and multicast group IP. When the Access-Accept is answered from the authentication server, the Switch learns the
multicast group/port. When the Access-Reject is answered from the authentication server, the Switch won't learn
the multicast group/port and won't process the packet further. The entry (host MAC, switch port number, and
multicast group IP) is put in the "authentication failed list." When there is no answer from the authentication server
after T1 time, the Switch resends the Access-Request to the server. If the Switch doesn't receive a response after
N1 times, the result is denied and the entry (host MAC, switch port number, multicast group IP) is put in the
"authentication failed list." In general case, when the multicast group/port is already learned by the switch, it won't
do the authentication again. It only processes the packet as standard.
IGMP authentication processes IGMP leaves as follows: When the host sends leave message for the specific
multicast group, the Switch follows the standard procedure for leaving a group and then sends an Accounting-
Request to the accounting server for notification. If there is no answer from the accounting server after T2 time, the
Switch resends the Accounting-Request to the server. The maximum number of retry times is N2.
To view this window, click Security > IGMP Access Control Settings as shown below:
Tick to check whether a received TCP packet contains a sequence number of 0 and
no flags
Tick to check whether a received TCP packet contains URG, Push and FIN flags.
Tick to check whether a received TCP packet contains FIN and SYN flags.
Tick to check whether the TCP packets source ports are less than 1024 packets.
Tick to detect whether received packets are fragmented ICMP packets.
Tick to select all DoS attack types.
Select to enable or disable DoS attack prevention.
Select the action to be taken when detecting the attack.
Select to enable or disable DoS prevention trap state.
Select to enable or disable DoS prevention log state.
link, the following page will appear:
Figure 8-79 DoS Attack Prevention Detail - View Detail window
246