ProSafe M4100 and M7100 Managed Switches

IP Source Guard

IP Source Guard uses the DHCP snooping bindings database. When IP Source Guard is enabled, the switch drops incoming packets that do not match a binding in the bindings database. IP Source Guard can be configured to enforce just the source IP address or both the source IP address and source MAC address.

Static client

IP address: 192.168.10.1

HW address: 00:11:85:EE:54:E9

Interface 1/0/2

Interface

Interface

1/0/1

1/0/3

 

GSM73xxS

DHCP Server

DHCP Client

IP address: 192.168.10.86 (obtained)

IP address: 192.168.10.1

HW address: 00:16:76:A7:88:CC

 

Figure 34. IP Source Guard

The example is shown as CLI commands and as a Web interface procedure.

CLI: Configure Dynamic ARP Inspection

1.Enable DHCP snooping globally.

(Netgear Switch) (Config)# ip dhcp snooping

312 Chapter 15. Security Management

Page 312
Image 312
NETGEAR M7100, M4100 manual IP Source Guard