C) 7.3.3 advanced – LevelOne EAP-200 User Manual
(c) 7.3.3 Advanced
Advanced firewall settings supplement the firewall rules, providing extra protection against threats carried in DHCP and ARP traffic traversing the available interfaces of the system.
Trust Interface: Each VAP interface can be checked individually to mark it as a trusted interface; security enforcement on DHCP/ARP, such as DHCP snooping and ARP inspection, will be carried out on non-trusted interfaces.
DHCP Snooping: When enabled, DHCP packets will be validated against possible threats such as a DHCP starvation attack; in addition, the trusted DHCP server (IP/MAC) can be specified to prevent a rogue DHCP server.
ARP Inspection: When enabled, ARP packets will be validated against ARP spoofing.
  o Force DHCP: When this option is enabled, the AP learns MAC/IP pair information only through DHCP packets. Because devices configured with a static IP address do not send DHCP traffic, any client with a static IP address will be blocked from Internet access unless its MAC/IP pair is listed and enabled on the Static Trust List.
  o Trust List Broadcast: Can be enabled to let other APs (with the L2 firewall feature) learn the MAC/IP pairs that are trusted to issue ARP requests.
  o Static Trust List: Can be used to add the MAC or MAC/IP pairs of devices that are trusted to issue ARP requests. Other network nodes can still send their ARP requests; however, if their IP appears in the static list (with a different MAC), their ARP requests will be dropped to prevent eavesdropping.
If any settings are changed, click SAVE to save the configuration before leaving this page.
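The ARP Inspection options above, modelled as an added Python example (not LevelOne firmware and not code from this manual), showing which ARP frames a non-trusted interface would forward or drop. The `ArpInspector` class, its method names, the rule order, dropping a frame that conflicts with a DHCP-learned pair, and forwarding unknown pairs when Force DHCP is off are assumptions; all addresses are constructed.

```python
from dataclasses import dataclass, field

def _mac(m):
    return m.lower().replace("-", ":")

@dataclass
class ArpInspector:
    trusted_ifaces: set = field(default_factory=set)
    static_trust: dict = field(default_factory=dict)  # MAC -> IP, or None for a MAC-only entry
    force_dhcp: bool = False
    learned: dict = field(default_factory=dict)       # IP -> MAC, learned from DHCP packets

    def learn_from_dhcp_ack(self, client_mac, leased_ip):
        self.learned[leased_ip] = _mac(client_mac)

    def check_arp(self, iface, sender_mac, sender_ip):
        mac = _mac(sender_mac)
        # Enforcement is carried out on non-trusted interfaces only.
        if iface in self.trusted_ifaces:
            return "forward", "trusted interface, not inspected"
        static = {_mac(m): ip for m, ip in self.static_trust.items()}
        # Static Trust List: a listed IP claimed by a different MAC is dropped.
        for s_mac, s_ip in static.items():
            if s_ip == sender_ip and s_mac != mac:
                return "drop", "IP is on the Static Trust List with a different MAC"
        if mac in static and static[mac] in (None, sender_ip):
            return "forward", "listed on the Static Trust List"
        bound = self.learned.get(sender_ip)
        if bound is not None:
            if bound == mac:
                return "forward", "matches DHCP-learned pair"
            return "drop", "conflicts with DHCP-learned pair"  # assumed behaviour
        # Force DHCP: pairs never seen in DHCP (static-IP clients) are blocked.
        if self.force_dhcp:
            return "drop", "Force DHCP: pair never seen in DHCP"
        return "forward", "no binding to contradict"          # assumed behaviour

def demo():
    # Constructed sample data: documentation IP range and made-up MAC addresses.
    ap = ArpInspector(trusted_ifaces={"VAP2"}, force_dhcp=True,
                      static_trust={"00:11:22:33:44:55": "192.0.2.10"})
    ap.learn_from_dhcp_ack("AA:BB:CC:00:00:01", "192.0.2.50")
    frames = [("VAP1", "aa:bb:cc:00:00:01", "192.0.2.50"),  # DHCP client
              ("VAP1", "de:ad:be:ef:00:02", "192.0.2.10"),  # claims a static-listed IP
              ("VAP1", "de:ad:be:ef:00:03", "192.0.2.77"),  # unlisted static-IP client
              ("VAP1", "00:11:22:33:44:55", "192.0.2.10"),  # static-listed device
              ("VAP2", "de:ad:be:ef:00:04", "192.0.2.99")]  # arrives on trusted VAP
    return [ap.check_arp(*f)[0] for f in frames]

if __name__ == "__main__":
    print(demo())
```

The third frame is the case the manual warns about: with Force DHCP on, a legitimate static-IP client is blocked until its MAC/IP pair is added to the Static Trust List.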
