Netgear M5300-28G-POE+ (GSM7228PSv1h2) - 12-Port Managed Gigabit Switch Ratgeber Für Administratoren
290
|
Chapter 15. Security Management
ProSafe Managed Switch
4.
View the DHCP Snooping Binding table.
5.
Enable ARP inspection in VLAN 1.
Now all ARP packets received on ports that are members of the VLAN are copied to the
CPU for ARP inspection. If there are trusted ports, you can configure them as trusted in
the next step. ARP packets received on trusted ports are not copied to the CPU.
CPU for ARP inspection. If there are trusted ports, you can configure them as trusted in
the next step. ARP packets received on trusted ports are not copied to the CPU.
6.
Configure port 1/0/1 as trusted.
Now ARP packets from the DHCP client go through because there is a DHCP snooping
entry; however ARP packets from the static client are dropped. It can be overcome by static
configuration as described in
entry; however ARP packets from the static client are dropped. It can be overcome by static
configuration as described in
294.
Web Interface: Configure Dynamic ARP Inspection
1.
Enable DHCP snooping globally.
a. Select Security > Control > DHCP Snooping Global Configuration. A screen
similar to the following displays.
b. For DHCP Snooping Mode, select the Enable radio button.
c. Click Apply.
2.
Enable DHCP snooping in a VLAN.
(GSM7328S) #show ip dhcp snooping binding
Total number of bindings: 1
MAC Address IP Address VLAN Interface Type Lease (Secs)
----------------- --------------- ---- ----------- ------- -----------
00:16:76:A7:88:CC 192.168.10.86 1 1/0/2 DYNAMIC 86400
(Netgear Switch) (Config)# ip arp inspection vlan 1
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip arp inspection trust