D-Link xStack User Manual page 238

xStack
The following fields can be set or modified:
Parameter
From Port/To Port
State
®
DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch
Figure 6 - 6 IMP Port Settings window
Description
Select a port or range of ports to set for IP-MAC Binding.
Use the pull-down menu to enable or disable these ports for IP-MAC Binding.
Enabled Strict – This state provides a stricter method of control. If the user selects this mode,
all packets are blocked by the Switch by default. The Switch will compare all incoming ARP
and IP Packets and attempt to match them against the IMPB white list. If the IP-MAC pair
matches the white list entry, the packets from that MAC address are unblocked. If not, the
MAC address will stay blocked. While the Strict state uses more CPU resources from checking
every incoming ARP and IP packet, it enforces better security and is thus the recommended
setting.
Enabled Loose – This mode provides a looser way of control. If the user selects loose mode,
the Switch will forward all packets by default. However, it will still inspect incoming ARP
packets and compare them with the Switch's IMPB white list entries. If the IP-MAC pair of a
packet is not found in the white list, the Switch will block the MAC address. A major benefit of
Loose state is that it uses less CPU resources because the Switch only checks incoming ARP
packets. However, it also means that Loose state cannot block users who send only unicast IP
packets. An example of this is that a malicious user can perform DoS attacks by statically
configuring the ARP table on their PC. In this case, the Switch cannot block such attacks
227