Netgear M5300-28G-POE+ (GSM7228PSv1h2) - 12-Port Managed Gigabit Switch Ratgeber Für Administratoren
Chapter 15. Security Management
|
303
ProSafe Managed Switch
2.
Enable DHCP snooping in a VLAN.
3.
Configure the port through which the DHCP server is reached as trusted.
4.
View the DHCP Snooping Binding table.
If the entry does not exist in the DHCP Snooping Binding table, it can statically added
through the command ip verify binding <mac-address> vlan <vlan id>
<ip address> interface <interface id>
through the command ip verify binding <mac-address> vlan <vlan id>
<ip address> interface <interface id>
in global configuration mode.
5.
Enable IP Source Guard in interface 1/0/2.
With this configuration, the device verifies both the source IP address and the source MAC
address. If the port-security option is skipped, the device verifies only the source IP address.
address. If the port-security option is skipped, the device verifies only the source IP address.
Web Interface: Configure Dynamic ARP Inspection
1.
Enable DHCP snooping globally.
a. Select Security > Control > DHCP Snooping Global Configuration. A screen
similar to the following displays.
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust
(GSM7328S) #show ip dhcp snooping binding
Total number of bindings: 1
MAC Address IP Address VLAN Interface Type Lease (Secs)
----------------- --------------- ---- ----------- ------- -----------
00:16:76:A7:88:CC 192.168.10.86 1 1/0/2 DYNAMIC 86400
(GSM7352Sv2) (Interface 1/0/2)#ip verify source port-security