Netgear M5300-28G-POE+ (GSM7228PSv1h2) - 12-Port Managed Gigabit Switch Ratgeber Für Administratoren
294
|
Chapter 15. Security Management
ProSafe Managed Switch
d. Click Apply. A screen similar to the following displays.
Now ARP packets from the DHCP client will go through; however ARP packets from the
static client are dropped, since it does have a DHCP snooping entry. It can be overcome by
static configuration as described in the following section,
static client are dropped, since it does have a DHCP snooping entry. It can be overcome by
static configuration as described in the following section,
294.
Static Mapping
The example is shown as CLI commands and as a Web interface procedure.
CLI: Configure Static Mapping
1.
Create an ARP ACL.
2.
Configure the rule to allow the static client.
3.
Configure ARP ACL used for VLAN 1.
4.
Now the ARP packets from the static client will go through since it has an entry in the ARP.
ACL ARP packets from the DHCP client is also through since it has a DHCP snooping entry.
This command can include the optional static keyword. If the static keyword is given,
packets that do not match a permit statement are dropped without consulting the DHCP
snooping bindings. In this example, ARP packets from the DHCP client are dropped since it
does not have a matching rule, though it has a DHCP snooping entry.
packets that do not match a permit statement are dropped without consulting the DHCP
snooping bindings. In this example, ARP packets from the DHCP client are dropped since it
does not have a matching rule, though it has a DHCP snooping entry.
(Netgear Switch) (Config)# arp access-list ArpFilter
(Netgear Switch) (Config-arp-access-list)# permit ip host 192.168.10.2
mac host 00:11:85:ee:54:e9
(Netgear Switch) (Config)# ip arp inspection filter ArpFilter vlan 1