Netgear GSM7228PS - ProSAFE 28 ports Gigabit Ethernet L2 Managed Stackable Switch with PoE Guia Do Administrador
Chapter 14. Security Management
|
269
ProSafe 7000 Managed Switch Release 8.0.3
2.
Enable DHCP snooping in a VLAN.
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
3.
Configure the port through which the DHCP server is reached as trusted.
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust
4.
View the DHCP Snooping Binding table.
(GSM7328S) #show ip dhcp snooping binding
Total number of bindings: 1
MAC Address IP Address VLAN Interface Type Lease (Secs)
----------------- --------------- ---- ----------- ------- -----------
00:16:76:A7:88:CC 192.168.10.86 1 1/0/2 DYNAMIC 86400
If the entry does not exist in the DHCP Snooping Binding table, it can statically added
through the command ip verify binding <mac-address> vlan <vlan id>
<ip address> interface <interface id>
through the command ip verify binding <mac-address> vlan <vlan id>
<ip address> interface <interface id>
in global configuration mode.
5.
Enable IP Source Guard in interface 1/0/2.
(GSM7352Sv2) (Interface 1/0/2)#ip verify source port-security
With this configuration, the device verifies both the source IP address and the source MAC
address. If the port-security option is skipped, the device verifies only the source IP address.
address. If the port-security option is skipped, the device verifies only the source IP address.
Web Interface: Configure Dynamic ARP Inspection
1.
Enable DHCP snooping globally.
a. Select Security > Control > DHCP Snooping Global Configuration. A screen
similar to the following displays.