Impb Global Settings - D-Link xStack Reference Manual
Web ui reference guide layer 2 managed gigabit ethernet switch
Hide thumbs
Also See for xStack:
- Reference manual (1284 pages) ,
- User manual (357 pages) ,
- Hardware installation manual (71 pages)
Table of Contents
Advertisement
®
xStack
DGS-3200 Series Layer 2 Managed Gigabit Ethernet Switch Web UI Reference Guide
DHCP Snooping Option
If DHCP snooping is enabled, the switch learns IP-MAC pairs by snooping DHCP packets automatically and then saving them to
the IP-MAC-Port Binding white list. This enables a hassle-free configuration because the administrator does not need to manually
enter each IMPB entry. A prerequisite for this is that the valid DHCP server's IP-MAC pair must be on the switch's IMPB list;
otherwise the DHCP server packets will be dropped. DHCP snooping is generally considered to be more secure because it
enforces all clients to acquire IP through the DHCP server.
An example of DHCP snooping in which PC-A and PC-B get their IP addresses from a DHCP server is depicted below. The
switch snoops the DHCP conversation between PC-A, PC-B, and the DHCP server. The IP address, MAC address, and connecting
ports of both PC-A and PC-B are learned and stored in the switch's IMPB white list. Therefore, these PCs will be able to connect
to the network. Then there is PC-C, whose IP address is manually configured by the user. Since this PC's IP-MAC pair does not
match the one on Switch's IMPB white list, traffic from PC-C will be blocked.
Doesn't match the
White List block PC-C
DHCP Server
Address Learning
192.168.1.1
192.168.1.2
The IP-MAC-Port Binding (IMPB) folder contains five windows: IMPB Global Settings, IMPB Port Settings, IMPB Entry
Settings, DHCP Snooping Entries, and MAC Blocked List.
IMPB Global Settings
Users can enable or disable the global IMPB settings: Trap Log State and DHCP Snoop state, on the Switch.
The Trap/Log field will enable and disable the sending of trap log messages for IP-MAC binding. When enabled, the Switch will
send a trap message to the SNMP agent and the Switch log when an ARP packet is received that doesn't match the IP-MAC
binding configuration set on the Switch.
The DHCP Snoop State field will enable and disable the DHCP Snooping option.
To view the following window, click Security > IP-MAC-Port Binding (IMPB) > IMPB Global Settings:
IMP Binding Enabled
White List
00E0-0211-111
Port 1
00E0-0211-222
Port 2
Figure 6 - 5. Example of DHCP Snooping
Figure 6 - 6. IMPB Global Settings window
PC-A
192.168.1.1
00E0-0211-1111
PC-B
192.168.1.2
(IP assigned by DHCP for
00E0-0211-2222
PC-C
192.168.1.1
00E0-0211-3333
(IP manually configured by user)
133
PC-A and PC-B)
Advertisement
Table of Contents
