Operation Manual

ManualsBrandsTP-LINK ManualsComputersT2500-28TC-TL-SL5428E

241

242

243

244

245

246

247

248

249

250

Table Of Contents

Package Contents
Chapter 1 About This Guide
- 1.1 Intended Readers
- 1.2 Conventions
- 1.3 Overview of This Guide
Chapter 2 Introduction
- 2.1 Overview of the Switch
- 2.2 Appearance Description
  - 2.2.1 Front Panel
  - 2.2.2 Rear Panel
Chapter 3 Login to the Switch
- 3.1 Login
- 3.2 Configuration
Chapter 4 System
- 4.1 System Info
- 4.2 User Management
  - 4.2.1 User Table
  - 4.2.2 User Config
- 4.3 System Tools
- 4.4 Access Security
Chapter 5 Switching
- 5.1 Port
- 5.2 DDM
- 5.3 LAG
- 5.4 Traffic Monitor
  - 5.4.1 Traffic Summary
  - 5.4.2 Traffic Statistics
- 5.5 MAC Address
Chapter 6 VLAN
- 6.1 802.1Q VLAN
  - 6.1.1 VLAN Config
  - 6.1.2 Port Config
- 6.2 MAC VLAN
  - 6.2.1 MAC VLAN
  - 6.2.2 Port Enable
- 6.3 Protocol VLAN
- 6.4 Application Example for 802.1Q VLAN
- 6.5 Application Example for MAC VLAN
- 6.6 Application Example for Protocol VLAN
- 6.7 VLAN VPN
- 6.8 Private VLAN
  - 6.8.1 PVLAN Config
  - 6.8.2 Port Config
- 6.9 GVRP
- 6.10 Application Example for Private VLAN
Chapter 7 Spanning Tree
- 7.1 STP Config
  - 7.1.1 STP Config
  - 7.1.2 STP Summary
- 7.2 Port Config
- 7.3 MSTP Instance
- 7.4 STP Security
  - 7.4.1 Port Protect
  - 7.4.2 TC Protect
- 7.5 Application Example for STP Function
Chapter 8 Ethernet OAM
- 8.1 Basic Config
  - 8.1.1 Basic Config
  - 8.1.2 Discovery Info
- 8.2 Link Monitoring
- 8.3 RFI
- 8.4 Remote Loopback
- 8.5 Statistics
  - 8.5.1 Statistics
  - 8.5.2 Event Log
- 8.6 DLDP
- 8.7 Application Example for DLDP
Chapter 9 DHCP
- 9.1 DHCP Relay
Chapter 10 Multicast
- 10.1 IGMP Snooping
- 10.2 MLD Snooping
- 10.3 Multicast Table
  - 10.3.1 IPv4 Multicast Table
  - 10.3.2 IPv6 Multicast Table
Chapter 11 QoS
- 11.1 DiffServ
- 11.2 Bandwidth Control
  - 11.2.1 Rate Limit
  - 11.2.2 Storm Control
- 11.3 Voice VLAN
Chapter 12 ACL
- 12.1 Time-Range
- 12.2 ACL Config
- 12.3 Policy Config
- 12.4 Policy Binding
- 12.5 Application Example for ACL
Chapter 13 Network Security
- 13.1 IP-MAC Binding
- 13.2 DHCP Snooping
  - 13.2.1 DHCP Snooping
  - 13.2.2 Option 82
- 13.3 ARP Inspection
- 13.4 IP Source Guard
- 13.5 DoS Defend
  - 13.5.1 DoS Defend
  - 13.5.2 DoS Detect
- 13.6 802.1X
  - 13.6.1 Global Config
  - 13.6.2 Port Config
- 13.7 AAA
- 13.8 PPPoE Config
Chapter 14 SNMP
- 14.1 SNMP Config
- 14.2 Notification
  - 14.2.1 Notification Config
  - 14.2.2 Traps Config
- 14.3 RMON
Chapter 15 LLDP
- 15.1 Basic Config
  - 15.1.1 Global Config
  - 15.1.2 Port Config
- 15.2 Device Info
  - 15.2.1 Local Info
  - 15.2.2 Neighbor Info
- 15.3 Device Statistics
- 15.4 LLDP-MED
Chapter 16 Cluster
- 16.1 NDP
- 16.2 NTDP
- 16.3 Cluster
Chapter 17 Maintenance
- 17.1 System Monitor
  - 17.1.1 CPU Monitor
  - 17.1.2 Memory Monitor
- 17.2 Log
- 17.3 Device Diagnostics
- 17.4 Network Diagnostics
  - 17.4.1 Ping
  - 17.4.2 Tracert
Chapter 18 System Maintenance via FTP
Appendix A: Glossary

230

security risks during ARP Implementation Procedure in the actual complex network. Thus, the

cheating attacks against ARP, such as imitating Gateway, cheating Gateway, cheating terminal

Hosts and ARP Flooding Attack, frequently occur to the network, especially to the large

network such as campus network and so on. The following part will simply introduce these ARP

attacks.



Imitating Gateway

The attacker sends the MAC address of a forged Gateway to Host, and then the Host will

automatically update the ARP table after receiving the ARP response packets, which causes

that the Host cannot access the network normally. The ARP Attack implemented by imitating

Gateway is illustrated in the following figure.

Figure 13-10 ARP Attack - Imitating Gateway

As the above figure shown, the attacker sends the fake ARP packets with a forged Gateway

address to the normal Host, and then the Host will automatically update the ARP table after

receiving the ARP packets. When the Host tries to communicate with Gateway, the Host will

encapsulate this false destination MAC address for packets, which results in a breakdown of

the normal communication.



Cheating Gateway

The attacker sends the wrong IP address-to-MAC address mapping entries of Hosts to the

Gateway, which causes that the Gateway cannot communicate with the legal terminal Hosts

normally. The ARP Attack implemented by cheating Gateway is illustrated in the following

figure.