Chapter 15. Security Management | 313
ProSafe M4100 and M7100 Managed Switches
2. Enable DHCP snooping in a VLAN.
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
3. Configure the port through which the DHCP server is reached as trusted.
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust
4. View the DHCP Snooping Binding table.
(GSM7328S) #show ip dhcp snooping binding
Total number of bindings: 1
MAC Address IP Address VLAN Interface Type Lease (Secs)
----------------- --------------- ---- ----------- ------- -----------
00:16:76:A7:88:CC 192.168.10.86 1 1/0/2 DYNAMIC 86400
If the entry does not exist in the DHCP Snooping Binding table, it can statically added
through the command ip verify binding <mac-address> vlan <vlan id>
<ip address> interface <interface id> in global configuration mode.
5. Enable IP Source Guard in interface 1/0/2.
(GSM7352Sv2) (Interface 1/0/2)#ip verify source port-security
With this configuration, the device verifies both the source IP address and the source MAC
address. If the port-security option is skipped, the device verifies only the source IP address.
Web Interface: Configure Dynamic ARP Inspection
1. Enable DHCP snooping globally.
a. Select Security > Control > DHCP Snooping Global Configuration.
A screen similar to the following displays.