Netgear M4300-28G (GSM4328S) - Stackable Managed Switch with 24x1G and 4x10G including 2x10GBASE-T and 2xSFP+ Layer 3 소프트웨어 가이드

(NETGEAR Switch) #show ip source binding

MAC Address             IP Address         Type       Vlan      Interface

-----------------  ---------------    -------------  -----  -------------

00:00:00:00:00:08          1.2.3.4    dhcp-snooping     2        1/0/1

00:00:00:00:00:09          1.2.3.4    dhcp-snooping     3        1/0/1

00:00:00:00:00:0A          1.2.3.4    dhcp-snooping     4        1/0/1

Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP 
packets. DAI prevents a class of man-in-the-middle attacks, where an unfriendly station 
intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting 
neighbors. The miscreant sends ARP requests or responses mapping another station’s IP 
address to its own MAC address.

DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and 
builds a binding database of valid MAC addresses, IP addresses, VLANs, and interfaces.

When DAI is enabled, the switch drops ARP packets whose sender MAC address and 
sender IP address do not match an entry in the DHCP snooping bindings database. You can 
optionally configure additional ARP packet validation.

Use this command to enable Dynamic ARP Inspection on a list of comma-separated VLAN 
ranges.

MAC Address

The MAC address for the entry that is added.

IP Address

The IP address of the entry that is added.

Type

Entry type; statically configured from CLI or dynamically learned from DHCP Snooping.

VLAN

VLAN for the entry.

Interface

IP address of the interface in unit/slot/port format.

Default

disabled

Format

ip arp inspection vlan vlan-list

Mode

Global Config