-
Otthon
Routerek
Gyors és megbízható Wi-Fi hálózat létrehozásához
Hálózatkiterjesztés
Könnyedén növelje meg, és tegye jobbá hálózatát
SOHO Switches (Kapcsolók)
Ha több vezetékes kapcsolatra van szüksége otthonában
Egyéb eszközök
Amire még szüksége lehet a kapcsolattartáshoz
-
Intelligens otthon
Kamerák
Tartsa szemmel ami fontos
Wi-Fi-s konnektor
Tegye otthoni eszközeit okosabbá
Wi-Fi-s LED izzók
Fény, minden alkalomra
-
Irodai/üzleti
JetStream Switch
High-Speed wired networking from L3 managed to unmanaged
Omada szoftver kontrolleres AP-k
Professional business Wi-Fi with centralized management
SafeStream Router
Secure VPN and Load Balance gateways to the business
VIGI Surveillance
VIGI video surveillance is dedicated to your security
Pharos Vezeték nélküli szélessáv
Ideal for long range wireless broadband networking
-
Szolgáltatóknak
DSL
Capable of high-speed network and integrated broadband applications
LTE/3G
Gondoskodik az internet hozzáférésről, bárhol is legyen.
PON
The leading technology for delivering gigabit Internet services
Áramköri jeltovábbító
Átalakítja az áramkört belső/külső hálózat részévé.
Range Extender
Easily expand your Wi-Fi coverage.
Switch-ek
Növelje hálózatát kiváló teljesítménnyel.
Üzleti Wi-FI megoldások
A vállalkozás vezeték nélküli hálózatát új szintre emeli.
How to Block Unknown Devices to Access the Switch by Using IP Source Guard
Introduction:
IP Source Guard is to filter the IP packets based on the IP-MAC Binding entries. Only the packets matched to the IP-MAC Binding rules can be processed, which can enhance the bandwidth utility and the network security. In some situation, customers may want to limit the unknown devices to join the existing network. We can use the IP Source Guard and IP-MAC Binding to achieve this requirement.
Application Scenario:
As shown in the picture above, we assume that the host A is a legal PC that can access the switch. And when an unknown device want to join the network, it will be blocked. This article will instruct how to achieve this requirement by using IP Source Guard and IP-MAC Binding, and here we take T3700G-28TQ as example.
Configuration Steps:
1. Designate static IP for your devices or get IP automatically from the DHCP server.
2. IP-MAC Binding
3. Enable IP Source Guard
Here are the detailed configuration steps:
Step1: you can designate static IP address for your devices or let them get IP address automatically from the front DHCP server. But in this situation, we recommend you to designate static IP address for your devices manually.
Step2: IP-MAC Binding
To enable IP Source Guard, we should create IP-MAC Binding entries first. The IP-MAC Binding function allows you to bind the IP address, MAC address, VLAN ID and the connected Port of the host together. There are three methods to create IP-MAC Binding entries: Manual Binding, ARP scanning and DHCP Snooping.
Note:
1. In this application scenario, we cannot use DHCP Snooping, because the DHCP Snooping has higher priority than IP Source Guard. That is to say, when we apply DHCP Snooping and IP Source Guard at the same time, all the devices even the untrusted ones can still get IP address from the front DHCP server and then forward packets normally.
2. If you still want to use DHCP Snooping and IP Source Guard at the same time, you need to limit the IP allocation in the front DHCP server to make sure only the legal devices can get the IP address.
We can use the Manual Binding and ARP scanning individually or simultaneously. Here we instruct the two methods respectively.
- Manual Binding
Go to Network Security-->IP-MAC Binding -->Manual Binding
As is shown in the picture, we enter the Host Name, IP Address, MAC Address, VLAN ID and choose the Protect Type as IP Source Guard and select the port the host A connects to and then click Bind to save.
2)ARP Scanning
Connect all your devices to the switch and then go to Network Security-->IP-MAC Binding --> ARP Scanning
Designate the range of the IP address and VLAN to scan, here we take 192.168.1.1~192.168.1.254 and VLAN 1 as example, you should fill the blank according to your real scenario.
After the scanning, all the devices in the range will be showed in the table, choose the entries you want to bind and select the Protect Type as IP Source Guard and then click Apply to save.
Step3: Enable IP Source Guard
Go to Network Security--> IP Source Guard
Select the ports you want to apply IP Source Guard and choose the Security Type as SIP or SIP+MAC.
Note:
1. IP Source Guard cannot be enabled for LAG members.
2. If you choose SIP, only the packets with its source IP address and port number matched to the IP-MAC binding rules can be processed; If you choose SIP+MAC, only the packets with its source IP address, port number and source MAC address matched to the IP-MAC binding rules can be processed.
Test: we can use Ping command to test the connection in the unknown devices as shown in the picture below.
Before we enable IP Source Guard:
After we enable IP Source Guard:
Véleménye segíti az oldal fejlesztését