d. Click Apply. A screen similar to the following displays.
Now ARP packets from the DHCP client will go through; however ARP packets from the static
client are dropped, since it does have a DHCP snooping entry. It can be overcome by static
configuration as described in the following section,
Static Mapping
The example is shown as CLI commands and as a Web interface procedure.
CLI: Configure Static Mapping
1.
Create an ARP ACL.
(Netgear Switch) (Config)# arp access-list ArpFilter
2.
Configure the rule to allow the static client.
(Netgear Switch) (Config-arp-access-list)# permit ip host 192.168.10.2
mac host 00:11:85:ee:54:e9
3.
Configure ARP ACL used for VLAN 1.
(Netgear Switch) (Config)# ip arp inspection filter ArpFilter vlan 1
4.
Now the ARP packets from the static client will go through since it has an entry in the ARP.
ACL ARP packets from the DHCP client is also through since it has a DHCP snooping entry.
This command can include the optional static keyword. If the static keyword is given,
packets that do not match a permit statement are dropped without consulting the DHCP
snooping bindings. In this example, ARP packets from the DHCP client are dropped since it
does not have a matching rule, though it has a DHCP snooping entry.
274 |
Chapter 15. Security Management
ProSafe Managed Switch
Static Mapping
on page 274.