Netgear M4300-24X24F (XSM4348S) - Stackable Managed Switch with 48x10G including 24x10GBASE-T and 24xSFP+ Layer 3 Guia Do Administrador
Security Management
333
Managed Switches
CLI: Configure Dynamic ARP Inspection
1.
Enable DHCP snooping globally.
2.
Enable DHCP snooping in a VLAN.
3.
Configure the port through which the DHCP server is reached as trusted.
4.
View the DHCP Snooping Binding table.
5.
Enable ARP inspection in VLAN 1.
Now all ARP packets received on ports that are members of the VLAN are copied to the
CPU for ARP inspection. If there are trusted ports, you can configure them as trusted in
the next step. ARP packets received on trusted ports are not copied to the CPU.
CPU for ARP inspection. If there are trusted ports, you can configure them as trusted in
the next step. ARP packets received on trusted ports are not copied to the CPU.
6.
Configure port 1/0/1 as trusted.
Now, ARP packets from the DHCP client go through because a DHCP snooping entry exists.
However, ARP packets from the static client are dropped. For information about how to
prevent ARP packets from static clients to be dropped, see
However, ARP packets from the static client are dropped. For information about how to
prevent ARP packets from static clients to be dropped, see
(Netgear Switch) (Config)# ip dhcp snooping
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust
(Netgear Switch) #show ip dhcp snooping binding
Total number of bindings: 1
MAC Address IP Address VLAN Interface Type Lease (Secs)
----------------- -------------- ---- ---------- ------- -----------
00:16:76:A7:88:CC 192.168.10.86 1 1/0/2 DYNAMIC 86400
(Netgear Switch) (Config)# ip arp inspection vlan 1
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip arp inspection trust