Netgear M4100-D12G (GSM5212v1h1) - 10‐port GE + 2 GE Combo L2 Managed PD Switch Guía De Administador
Security Management
246
ProSAFE M4100 Managed Switches
Note:
Make sure the administrator PC has a DHCP snooping entry or can
access the device through the trusted port for ARP. Otherwise, you
might get disconnected from the device.
access the device through the trusted port for ARP. Otherwise, you
might get disconnected from the device.
6.
Configure port 1/0/1 as trusted.
a. Select Security > Control > Dynamic ARP Inspection > DAI Interface
Configuration.
b. Select the Interface 1/0/1 check box.
c. For the Trust Mode, select Enable.
d. Click Apply.
A screen similar to the following displays.
Now ARP packets from the DHCP client will go through; however ARP packets from the
static client are dropped, since it does have a DHCP snooping entry. It can be overcome by
static configuration as described in the following section,
static client are dropped, since it does have a DHCP snooping entry. It can be overcome by
static configuration as described in the following section,
246.
Static Mapping
The example is shown as CLI commands and as a Web interface procedure.
CLI: Configure Static Mapping
1.
Create an ARP ACL.
(Netgear Switch) (Config)# arp access-list ArpFilter
2.
Configure the rule to allow the static client.
(Netgear Switch) (Config-arp-access-list)# permit ip host 192.168.10.2
mac host 00:11:85:ee:54:e9