Netgear M4300-24X24F (XSM4348S) - Stackable Managed Switch with 48x10G including 24x10GBASE-T and 24xSFP+ Layer 3 Guia Do Administrador
Security Management
349
Managed Switches
The example is shown as CLI commands and as a web interface procedure.
CLI: Configure Dynamic ARP Inspection
1.
Enable DHCP snooping globally.
2.
Enable DHCP snooping in a VLAN.
3.
Configure the port through which the DHCP server is reached as trusted.
4.
View the DHCP Snooping Binding table.
If the entry does not exist in the DHCP Snooping Binding table, you can add the entry
manually through the ip verify binding mac-address vlan vlan-id
ip-address
manually through the ip verify binding mac-address vlan vlan-id
ip-address
interface interface-id command in global configuration mode.
5.
Enable IP Source Guard in interface 1/0/2.
With this configuration, the device verifies both the source IP address and the source MAC
address. If the port-security option is skipped, the device verifies only the source IP address.
address. If the port-security option is skipped, the device verifies only the source IP address.
(Netgear Switch) (Config)# ip dhcp snooping
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust
(Netgear Switch) #show ip dhcp snooping binding
Total number of bindings: 1
MAC Address IP Address VLAN Interface Type Lease (Secs)
----------------- -------------- ---- ----------- ------- -----------
00:16:76:A7:88:CC 192.168.10.86 1 1/0/2 DYNAMIC 86400
(Netgear Switch) (Interface 1/0/2)#ip verify source port-security