Netgear GSM7228PS - ProSAFE 28 ports Gigabit Ethernet L2 Managed Stackable Switch with PoE Guía De Administador
256
|
Chapter 14. Security Management
ProSafe 7000 Managed Switch Release 8.0.3
4.
View the DHCP Snooping Binding table.
(GSM7328S) #show ip dhcp snooping binding
Total number of bindings: 1
MAC Address IP Address VLAN Interface Type Lease (Secs)
----------------- --------------- ---- ----------- ------- -----------
00:16:76:A7:88:CC 192.168.10.86 1 1/0/2 DYNAMIC 86400
5.
Enable ARP inspection in VLAN 1.
(Netgear Switch) (Config)# ip arp inspection vlan 1
Now all ARP packets received on ports that are members of the VLAN are copied to the
CPU for ARP inspection. If there are trusted ports, you can configure them as trusted in
the next step. ARP packets received on trusted ports are not copied to the CPU.
CPU for ARP inspection. If there are trusted ports, you can configure them as trusted in
the next step. ARP packets received on trusted ports are not copied to the CPU.
6.
Configure port 1/0/1 as trusted.
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip arp inspection trust
Now ARP packets from the DHCP client go through because there is a DHCP snooping
entry; however ARP packets from the static client are dropped. It can be overcome by static
configuration as described in
entry; however ARP packets from the static client are dropped. It can be overcome by static
configuration as described in
260.
Web Interface: Configure Dynamic ARP Inspection
1.
Enable DHCP snooping globally.
a. Select Security > Control > DHCP Snooping Global Configuration. A screen
similar to the following displays.
b. For DHCP Snooping Mode, select the Enable radio button.
c. Click Apply.
2.
Enable DHCP snooping in a VLAN.