Manualshelf

User's Manual

ManualsBrandsPLANET Technology ManualsLAN SwitchesLayer 3 48-Port 10G SFP+ + 2-Port 40G QSFP+ + 4-Port 100G QSFP28 Managed Switch
141142143144145146147148149150
150
the DHCP request packet is then thought as a fake packet which is used as the attack packet for DHCP
DOS and then the switch will drop it.
When dynamic ARP monitoring is conducted in all physical ports of a VLAN, a received ARP packet
will be rejected if the source MAC address and the source IP address of this packet do not match up
with the configured MAC-IP binding relationship. The binding relationship on an interface can be
dynamically bound by DHCP or configured manually. If no MAC addresses are bound to IP addresses
on a physical interface, the switch rejects forwarding all ARP packets.
After source IP address monitoring is enabled in a VLAN, IP packets received from all physical ports
in the VLAN will be rejected if their source MAC addresses and source IP addresses do not match up
with the configured MAC-to-IP binding relationship. The binding relationship on an interface can be
dynamically bound by DHCP or configured manually. If no MAC addresses are bound to IP addresses
on a physical interface, the switch rejects forwarding all IP packets received from the physical interface.
15.13.3 DHCP Snooping Interface Attribute Configuration
If you click Layer-2 Config -> DHCP Snooping Config -> DHCP Snooping Interface Config on the
navigation bar, the DHCP Snooping Interface Config page appears.
If an interface is set to be a DHCP-trusting interface, the DHCP packets received from this interface will
not be checked.
ARP monitoring is not enabled on those trusted interfaces. The interfaces are distrusted ones by default.
The source address detection function will not be enabled for the IP source address trust interface.
15.13.4 DHCP Snooping Manual Binding Configuration
If you click Layer-2 Config -> DHCP Snooping Config -> DHCP Interface Binding List Manual
Config on the navigation bar, the DHCP Manual Port List page appears.
If a host does not obtain the address through DHCP, you can add the binding item on an interface
of a switch to enable the host to access the network. You can run no ip source binding MAC IP to delete
items from the corresponding binding list.
Note that the manually-configured binding items have higher priority than the dynamically-
configured binding items. If the manually-configured binding item and the dynamically-configured binding
item have the same MAC address, the manually-configured one updates the dynamically-configured
one. The interface binding item takes the MAC address as the unique index. The interface binding item