Netgear M5300-28G-POE+ (GSM7228PSv1h2) - 12-Port Managed Gigabit Switch Ratgeber Für Administratoren
Security Management
398
Managed Switches
CLI: Configure Dynamic ARP Inspection
1.
Enable DHCP snooping globally.
(Netgear Switch) (Config)# ip dhcp snooping
2.
Enable DHCP snooping in a VLAN.
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
3.
Configure the port through which the DHCP server is reached as trusted.
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust
4.
View the DHCP Snooping Binding table.
(GSM7328S) #show ip dhcp snooping binding
Total number of bindings: 1
MAC Address
IP Address
VLAN
Interface
Type
Lease (Secs)
-----------------
--------------
---- ----------- -------
-----------
00:16:76:A7:88:CC
192.168.10.86
1
1/0/2
DYNAMIC
86400
If the entry does not exist in the DHCP Snooping Binding table, you can add the entry
manually through the ip verify binding <mac-address> vlan <vlan id> <ip
address> interface <interface id>
manually through the ip verify binding <mac-address> vlan <vlan id> <ip
address> interface <interface id>
command in global configuration mode.
5.
Enable IP Source Guard in interface 1/0/2.
(GSM7352Sv2) (Interface 1/0/2)#ip verify source port-security
With this configuration, the device verifies both the source IP address and the source MAC
address. If the port-security option is skipped, the device verifies only the source IP address.
address. If the port-security option is skipped, the device verifies only the source IP address.