No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R011C10 Web-based Configuration Guide

This document describes the configuration and maintenance of device through the web network management system. The web network management system provides the functions of viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
IP Security

IP Security

This section includes the configurations of DHCP Snooping, IPSG, DAI, Static Binding Table, and Dynamic Binding Table.

DHCP Snooping

Context

DHCP snooping allows clients to obtain IP addresses from authorized DHCP servers. The device with DHCP snooping enabled can generate binding entries based on the IP and MAC addresses of DHCP clients.

Procedure

  1. Choose Configuration > Security Services > IP Security and click the DHCP Snooping tab, as shown in Figure 5-112.

    Figure 5-112  DHCP snooping configuration

  2. Turn on Global status to enable DHCP snooping globally.

    By default, DHCP snooping is not enabled globally.

  3. Click New and select a trusted interface in the displayed dialog box.
  4. Click Apply to configure the selected interface as a trusted interface.
  5. Click a record in VLAN List to edit its DHCP snooping status. Turn on DHCP Snooping Status and click to complete the configuration.

    NOTE:

    You can also select multiple records and click Enable or Disable to set DHCP snooping status in a batch.

  6. Choose Configuration > Security Services > IP Security > DHCP Snooping and click the Interface List tab, as shown in Figure 5-113.

    Figure 5-113  Interface List tab page

  7. Select an interface on the Interface List tab page and edit its DHCP snooping status. Turn on DHCP Snooping Status and click to complete the configuration.

IPSG

Procedure

  1. Choose Configuration > Security Services > IP Security and click the IPSG tab, as shown in Figure 5-114.

    Figure 5-114  IPSG Configuration

  2. Select a port to be configured. Perform the following operations as required in the port area:

    • Click a port icon. To deselect the port, click the port icon again.
    • Drag the cursor to select consecutive ports in a batch.
    • Click multiple port icons to select these ports, and click a port icon again to deselect the port.
    • Select a slot where a panel is located. All ports on the panel are selected.

  3. Turn on IPSG status.
  4. Select an IP packet check item from IPSG matching option.
  5. Click Apply to complete the configuration.

DAI

Procedure

  1. Choose Configuration > Security Services > IP Security and click the DAI tab, as shown in Figure 5-115.

    Figure 5-115  DAI Configuration

  2. Select a port to be configured. Perform the following operations as required in the port area:

    • Click a port icon. To deselect the port, click the port icon again.
    • Drag the cursor to select consecutive ports in a batch.
    • Click multiple port icons to select these ports, and click a port icon again to deselect the port.
    • Select a slot where a panel is located. All ports on the panel are selected.

  3. Turn on DAI status.
  4. Select an ARP packet check item from DAI matching option.
  5. Click Apply to complete the configuration.

Static Binding Table

Context

IPSG based on a static binding table filters out IP packets received by untrusted interfaces, to prevent network access from malicious hosts using stolen IP addresses.

Procedure

  • Create a static binding entry.
    1. Choose Configuration > Security Services > IP Security and click the Static Binding Table tab, as shown in Figure 5-116.

      Figure 5-116  Static Binding Table

    2. Click Create to open the Create a Binging Entry page, as shown in Figure 5-117.

      Figure 5-117  Create a Binging Entry

      Table 5-49 describes parameters on the displayed page.
      Table 5-49  Create a Binging Entry

      Parameter

      Description

      Interface name

      Indicates the interface connected to user.

      VLAN ID

      Specifies the ID of a user VLAN. The value ranges from 1 to 4094.

      MAC address

      Indicates the MAC address of a user.

      IP address

      Specifies the static IP address of a user.

    3. Set the required parameters.
    4. Click OK.
  • Delete a static binding entry.
    1. Choose Configuration > Security Services > IP Security and click the Static Binding Table tab, as shown in Figure 5-116.
    2. Select a record that you want to delete and click Delete. The system asks you whether to delete the record.
    3. Click OK.

Dynamic Binding Table

Procedure

  1. Choose Configuration > Security Services > IP Security and click the Dynamic Binding Table tab, as shown in Figure 5-118.

    Figure 5-118  Dynamic Binding Table

  2. Click Refresh to update dynamic binding entries.
Translation
Download
Updated: 2019-03-30

Document ID: EDOC1000178031

Views: 32605

Downloads: 8

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next