Netgear M4100-D12G-POE+ (GSM5212P) - ProSAFE Gigabit L2+ Managed Switch Administrator's Guide
Security Management
241
ProSAFE M4100 Managed Switches
DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and
builds a bindings database of valid tuples (MAC address, IP address, VLAN interface).
builds a bindings database of valid tuples (MAC address, IP address, VLAN interface).
When DAI is enabled, the switch drops ARP packet if the sender MAC address and sender
IP address do not match an entry in the DHCP snooping bindings database. However, it can
be overcome through static mappings. Static mappings are useful when hosts configure
static IP addresses, DHCP snooping cannot be run, or other switches in the network do not
run dynamic ARP inspection. A static mapping associates an IP address to a MAC address
on a VLAN.
IP address do not match an entry in the DHCP snooping bindings database. However, it can
be overcome through static mappings. Static mappings are useful when hosts configure
static IP addresses, DHCP snooping cannot be run, or other switches in the network do not
run dynamic ARP inspection. A static mapping associates an IP address to a MAC address
on a VLAN.
Static client
IP address: 192.168.10.1
HW address: 00:11:85:EE:54:E9
IP address: 192.168.10.1
HW address: 00:11:85:EE:54:E9
Interface
1/0/2
1/0/2
GSM73xxS
Interface
1/0/1
1/0/1
Interface
1/0/3
1/0/3
DHCP server
IP address: 192.168.10.1
IP address: 192.168.10.1
DHCP client
IP address: 192.168.10.86 (obtained)
HW address: 00:16:76:A7:88:CC
IP address: 192.168.10.86 (obtained)
HW address: 00:16:76:A7:88:CC
Figure 25. Dynamic ARP inspection
CLI: Configure Dynamic ARP Inspection
1.
Enable DHCP snooping globally.
(Netgear Switch) (Config)# ip dhcp snooping
2.
Enable DHCP snooping in a VLAN.
(Netgear Switch) (Config)# ip dhcp snooping vlan 1