User’s Manual
Light Industrial AP
Copyright © NEXCOM, INC.
7.3.3 Advanced
At Firewall > Advanced, more advanced firewall rule settings can be configured, providing extra security enhancement against DHCP and ARP traffic traversing the available interfaces of the system.
Trust Interface: Each VAP interface can be checked individually to mark it as a trusted interface; security enforcement on DHCP/ARP traffic, such as DHCP snooping and ARP inspection, will be carried out on non-trusted interfaces.
DHCP Snooping: When enabled, DHCP packets will be validated against possible threats such as DHCP starvation attacks; in addition, the trusted DHCP server (IP/MAC) can be specified to prevent rogue DHCP servers.
ARP Inspection: When enabled, ARP packets will be validated against ARP spoofing.
o Proxy ARP: When enabled, the AP replies to ARP requests on behalf of downlink stations. The ARP table maintained by the AP is used as a lookup table upon receipt of an ARP request from the AP uplink. Without Proxy ARP, by contrast, ARP requests are broadcast down into the AP's wireless network, causing network inefficiencies.
o Force DHCP: When enabled, the AP only learns MAC/IP pair information through DHCP packets. Since devices configured with a static IP address do not send DHCP traffic, any client with a static IP address will be blocked from internet access unless its MAC/IP pair is listed and enabled on the Static Trust List.
o Trust List Broadcast: Can be enabled to let other APs (with the L2 firewall feature) learn the MAC/IP pairs that are trusted to issue ARP requests.
o Static Trust List: Can be used to add MAC or MAC/IP pairs of devices that are trusted to issue ARP requests. Other network nodes can still send their ARP requests; however, if their IP appears on the static list (with a different MAC), their ARP requests will be dropped to prevent eavesdropping.
If any settings are changed, please click SAVE to save the configuration before leaving this page.
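The following added example (not NEXCOM code and not part of the original manual) models how the Trust Interface, Static Trust List and Force DHCP settings described above combine into a forward/drop decision for an ARP request. The class, function and interface names are hypothetical, the addresses are constructed, and the handling of a conflict with a DHCP-learned pair is an assumption, since the manual only states that ARP packets are validated against spoofing.

```python
from dataclasses import dataclass, field

@dataclass
class L2Firewall:
    """Simplified model of the settings on this page (not NEXCOM firmware code)."""
    trusted_ifaces: set = field(default_factory=set)    # Trust Interface checkboxes
    static_trust: list = field(default_factory=list)    # (mac, ip or None, enabled)
    dhcp_bindings: dict = field(default_factory=dict)   # ip -> mac seen in DHCP packets
    force_dhcp: bool = False

    def inspect_arp(self, iface, src_mac, src_ip):
        """Return (verdict, reason) for an ARP request received on iface."""
        src_mac = src_mac.lower()
        if iface in self.trusted_ifaces:
            return "forward", "trusted interface, no inspection"
        active = [(m.lower(), ip) for m, ip, on in self.static_trust if on]
        # An IP on the Static Trust List may only be claimed by its listed MAC.
        if any(ip == src_ip and m != src_mac for m, ip in active):
            return "drop", "IP on Static Trust List with a different MAC"
        if any(m == src_mac and ip in (None, src_ip) for m, ip in active):
            return "forward", "sender on Static Trust List"
        bound = self.dhcp_bindings.get(src_ip)
        if bound is not None:
            if bound.lower() == src_mac:
                return "forward", "matches DHCP-learned binding"
            # Assumption: a conflict with a DHCP-learned pair counts as spoofing.
            return "drop", "conflicts with DHCP-learned binding"
        if self.force_dhcp:
            # Assumption: "blocked" is modelled as dropping the sender's ARP.
            return "drop", "Force DHCP: no DHCP-learned or static binding"
        return "forward", "unlisted sender, no conflict"

def demo_firewall(force_dhcp=True):
    """Constructed sample configuration (all addresses are made up)."""
    return L2Firewall(
        trusted_ifaces={"vap0"},
        static_trust=[("00:11:22:33:44:55", "192.168.1.10", True)],
        dhcp_bindings={"192.168.1.50": "aa:bb:cc:00:00:01"},
        force_dhcp=force_dhcp,
    )

if __name__ == "__main__":
    fw = demo_firewall()
    for pkt in [("vap1", "00:11:22:33:44:55", "192.168.1.10"),
                ("vap1", "de:ad:be:ef:00:01", "192.168.1.10"),
                ("vap0", "de:ad:be:ef:00:01", "192.168.1.10"),
                ("vap1", "aa:bb:cc:00:00:02", "192.168.1.77")]:
        print(pkt, "->", fw.inspect_arp(*pkt))
```

The last sample packet shows the operational consequence of Force DHCP: a static-IP device that was never added to the Static Trust List is dropped, while the same packet is forwarded when Force DHCP is off.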