Netgear GS716Tv3 – ProSAFE 16-Port Gigabit Managed Switch 管理者ガイド
Configure System Information
70
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches
Services
This section describes how to configure the DHCP snooping and Dynamic ARP Inspection
(DAI) features on the switch. DHCP snooping and DAI are layer 2 security features that
examine traffic to help prevent accidental and malicious attacks on the switch or network.
From the Services configuration menu, you can access screens described in the following
sections:
(DAI) features on the switch. DHCP snooping and DAI are layer 2 security features that
examine traffic to help prevent accidental and malicious attacks on the switch or network.
From the Services configuration menu, you can access screens described in the following
sections:
•
•
DHCP Snooping
DHCP snooping is a useful feature that provides security by filtering untrusted DHCP
messages and by building and maintaining a DHCP snooping binding table. An untrusted
message is a message that is received from outside the network or firewall and that can
cause traffic attacks within your network. The DHCP snooping binding table contains the
MAC address, IP address, lease time, binding type, VLAN number, and interface information
that corresponds to the local untrusted interfaces of a switch. An untrusted interface is an
interface that is configured to receive messages from outside the network or firewall. A
trusted interface is an interface that is configured to receive only messages from within the
network.
messages and by building and maintaining a DHCP snooping binding table. An untrusted
message is a message that is received from outside the network or firewall and that can
cause traffic attacks within your network. The DHCP snooping binding table contains the
MAC address, IP address, lease time, binding type, VLAN number, and interface information
that corresponds to the local untrusted interfaces of a switch. An untrusted interface is an
interface that is configured to receive messages from outside the network or firewall. A
trusted interface is an interface that is configured to receive only messages from within the
network.
DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also
provides way to differentiate between untrusted interfaces connected to the end user and
trusted interfaces connected to the DHCP server or another switch.
provides way to differentiate between untrusted interfaces connected to the end user and
trusted interfaces connected to the DHCP server or another switch.
Global Configuration
Use this screen to view and configure the global settings for DHCP snooping.
To configure DHCP snooping global settings:
1.
Select System
>
Services
>
DHCP Snooping
>
Global Configuration.
2.
Next to DHCP Snooping Mode, enable the DHCP Snooping feature.
3.
(Optionally) Next to MAC Address Validation, enable the verification of the sender MAC
address for DHCP snooping.
address for DHCP snooping.
When MAC address validation is enabled, the device checks packets that are received on
an untrusted interface to verify that the MAC address and the DHCP client hardware
address match. If the addresses do not match, the device drops the packet.
an untrusted interface to verify that the MAC address and the DHCP client hardware
address match. If the addresses do not match, the device drops the packet.
4.
Click the Apply button.
To enable DHCP snooping for all interfaces that are members of a VLAN:
1.
In the VLAN ID field, specify the VLAN on which DHCP snooping is enabled.
2.
From the DHCP Snooping Mode list, select Enable.
3.
Click the Apply button.