Netgear M4300-52G (GSM4352S) - Stackable Managed Switch with 48x1G and 4x10G including 2x10GBASE-T and 2xSFP+ Layer 3 用户手册
Manage Device Security
560
M4200 and M4300 Series ProSAFE Managed Switches Web Management User Manual
The following table describes the DHCP snooping statistics.
Configure IP Source Guard Interfaces
You can configure IP source guard (IPSG) on each interface. IPSG is a security feature that
filters IP packets based on source ID. This feature helps protect the network from attacks that
use IP address spoofing to compromise or overwhelm the network. The source ID can be
either the source IP address or a source IP address and source MAC address pair. The
DHCP snooping bindings database, along with IPSG entries in the database, identify
authorized source IDs. If you enable IPSG on a port where DHCP snooping is disabled or
where DHCP snooping is enabled but the port is trusted, all IP traffic received on that port is
dropped depending on the admin-configured IPSG entries. Additionally, IPSG interacts with
port security, also known as port MAC locking, to enforce the source MAC address in
received packets. Port security controls source MAC address learning in the Layer 2
forwarding database (the MAC address table). When a frame is received with a previously
unlearned source MAC address, port security queries the IPSG feature to determine whether
the MAC address belongs to a valid binding.
filters IP packets based on source ID. This feature helps protect the network from attacks that
use IP address spoofing to compromise or overwhelm the network. The source ID can be
either the source IP address or a source IP address and source MAC address pair. The
DHCP snooping bindings database, along with IPSG entries in the database, identify
authorized source IDs. If you enable IPSG on a port where DHCP snooping is disabled or
where DHCP snooping is enabled but the port is trusted, all IP traffic received on that port is
dropped depending on the admin-configured IPSG entries. Additionally, IPSG interacts with
port security, also known as port MAC locking, to enforce the source MAC address in
received packets. Port security controls source MAC address learning in the Layer 2
forwarding database (the MAC address table). When a frame is received with a previously
unlearned source MAC address, port security queries the IPSG feature to determine whether
the MAC address belongs to a valid binding.
To configure IP Source Guard Interface settings:
1.
Launch a web browser.
2.
Enter http://<ipaddress> in the web browser address field.
The login window opens.
3.
Enter the user name and password.
The default admin user name is admin and the default admin password is blank, that is,
do not enter a password.
do not enter a password.
4.
Click the Login button.
The System Information page displays.
5.
Select Security > Control > IP Source Guard > Interface Configuration.
Table 206. DHCP Snooping Statistics
Field
Description
Interface
The untrusted and snooping-enabled interface for which statistics are
to be displayed.
to be displayed.
MAC Verify Failures
Number of packets that were dropped by DHCP snooping because
there is no matching DHCP snooping binding entry found.
there is no matching DHCP snooping binding entry found.
Client Ifc Mismatch
The number of DHCP messages that are dropped based on source
MAC address and client HW address verification.
MAC address and client HW address verification.
DHCP Server Msgs
The number of server messages that are dropped on an untrusted port.