IP Source Guard
IP Source Guard uses the DHCP snooping bindings database. When IP Source Guard is
enabled, the switch drops incoming packets that do not match a binding in the bindings
database. IP Source Guard can be configured to enforce just the source IP address or both
the source IP address and source MAC address.
Interface
1/0/1
DHCP Server
IP address: 192.168.10.1
Figure 32. IP Source Guard
The example is shown as CLI commands and as a Web interface procedure.
CLI: Configure Dynamic ARP Inspection
1.
Enable DHCP snooping globally.
(Netgear Switch) (Config)# ip dhcp snooping
282 |
Chapter 15. Security Management
Static client
IP address: 192.168.10.1
HW address: 00:11:85:EE:54:E9
Interface
1/0/2
GSM73xxS
ProSafe Managed Switch
Interface
1/0/3
DHCP Client
IP address: 192.168.10.86 (obtained)
HW address: 00:16:76:A7:88:CC