C) 7.3.3 advanced – LevelOne EAP-200 User Manual

Page 70


7.3.3 Advanced

Advanced firewall settings supplement the firewall rules, providing extra security against DHCP and ARP traffic traversing the available interfaces of the system.

Trust Interface: Each VAP interface can be checked individually to mark it as a trusted interface; DHCP/ARP security enforcement such as DHCP snooping and ARP inspection is carried out on non-trusted interfaces.

DHCP Snooping: When enabled, DHCP packets are validated against possible threats such as DHCP starvation attacks; in addition, the trusted DHCP server (IP/MAC) can be specified to prevent rogue DHCP servers.

ARP Inspection: When enabled, ARP packets will be validated against ARP spoofing.

o Force DHCP: When enabled, the AP learns MAC/IP pair information only through DHCP packets. Since devices configured with a static IP address do not send DHCP traffic, any client with a static IP address will be blocked from internet access unless its MAC/IP pair is listed and enabled on the Static Trust List.

o Trust List Broadcast: Can be enabled to let other APs (with the L2 firewall feature) learn the MAC/IP pairs that are trusted to issue ARP requests.

o Static Trust List: Used to add MAC or MAC/IP pairs of devices that are trusted to issue ARP requests. Other network nodes can still send their ARP requests; however, if their IP appears in the static list (with a different MAC), their ARP requests will be dropped to prevent eavesdropping.
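The decision order described above can be modelled in a few lines. This is an added example, not LevelOne firmware code: the class and method names, the interface names and the sample addresses are hypothetical, and the handling of MAC-only and disabled entries is an assumption where the manual is silent.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class StaticEntry:
    mac: str
    ip: Optional[str] = None      # None models a MAC-only entry
    enabled: bool = True

@dataclass
class ArpInspector:               # hypothetical model of the AP's ARP inspection
    trusted_ifaces: set = field(default_factory=set)
    static_list: list = field(default_factory=list)
    force_dhcp: bool = False
    dhcp_pairs: dict = field(default_factory=dict)   # ip -> mac, learned by DHCP snooping

    def learn_dhcp_ack(self, mac, ip):
        self.dhcp_pairs[ip] = mac.lower()

    def check_arp(self, iface, sender_mac, sender_ip):
        """Return (allowed, reason) for an ARP request seen on iface."""
        mac = sender_mac.lower()
        if iface in self.trusted_ifaces:
            return True, "trusted interface, no inspection"
        # Assumption: disabled entries are ignored entirely.
        entries = [e for e in self.static_list if e.enabled]
        if any(e.ip == sender_ip and e.mac.lower() != mac for e in entries):
            return False, "IP is on Static Trust List with a different MAC"
        # Assumption: a MAC-only entry matches any sender IP.
        if any(e.mac.lower() == mac and e.ip in (None, sender_ip) for e in entries):
            return True, "Static Trust List match"
        if self.dhcp_pairs.get(sender_ip) == mac:
            return True, "pair learned through DHCP"
        if self.force_dhcp:
            return False, "Force DHCP: pair was never learned through DHCP"
        return True, "no Static Trust List conflict"

def demo(force_dhcp):
    # Constructed sample data: vap0 is trusted, the gateway is statically listed.
    insp = ArpInspector(trusted_ifaces={"vap0"}, force_dhcp=force_dhcp,
                        static_list=[StaticEntry("AA:AA:AA:AA:AA:01", "192.168.1.1")])
    insp.learn_dhcp_ack("aa:aa:aa:aa:aa:10", "192.168.1.50")
    return {
        "dhcp_client": insp.check_arp("vap1", "aa:aa:aa:aa:aa:10", "192.168.1.50"),
        "gateway_spoof": insp.check_arp("vap1", "aa:aa:aa:aa:aa:66", "192.168.1.1"),
        "static_ip_client": insp.check_arp("vap1", "aa:aa:aa:aa:aa:20", "192.168.1.77"),
        "spoof_on_trusted": insp.check_arp("vap0", "aa:aa:aa:aa:aa:66", "192.168.1.1"),
    }
```

Comparing `demo(True)` with `demo(False)` shows the operational cost of Force DHCP: the unlisted static-IP client is the only verdict that changes, and a spoofed request arriving on a trusted interface is never inspected in either mode.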

If any settings are made, please click SAVE to save the configuration before leaving this page.
