NETGEAR M4100 Switch User Manual


 
Chapter 15. Security Management | 303
ProSafe M4100 and M7100 Managed Switches
Note: Make sure the administrator PC has a DHCP snooping entry or can
access the device through the trusted port for ARP. Otherwise, you
might get disconnected from the device.
6. Configure port 1/0/1 as trusted.
a. Select Security > Control > Dynamic
ARP Inspection > DAI Interface
Configuration.
b. Select the Interface 1/0/1 check box.
c. For the T
rust Mode, select Enable.
d. Click Apply.
A screen similar to the following displays.
Now ARP packets from the DHCP client will go through; however ARP packets from the
static client are dropped, since it does have a DHCP snooping entry. It can be overcome by
static configuration as described in the following section, Static Mapping on page 303.
Static Mapping
The example is shown as CLI commands and as a Web interface procedure.
CLI: Configure Static Mapping
1. Create an ARP ACL.
(Netgear Switch) (Config)# arp access-list ArpFilter
2. Configure the rule to allow the static client.
(Netgear Switch) (Config-arp-access-list)# permit ip host 192.168.10.2
mac host 00:11:85:ee:54:e9