Filter
Top Products
129
Enhancements
Release M.10.43 Enhancements
In this example, the following DHCP leases have been learned by DHCP snooping on port 5. VLANs
2 and 5 are enabled for DHCP snooping.
Figure 17. Sample DHCP Snooping Entries
The following example shows an IP-to-MAC address and VLAN binding that have been statically
configured in the lease database on port 5.
Figure 18. An Example of a Static Configuration Entry
Assuming that DHCP snooping is enabled and that port 5 is untrusted, dynamic IP lockdown applies
the following dynamic VLAN filtering on port 5:
Figure 19. Example of Internal Statements used by Dynamic IP Lockdown
Note that the deny any statement is applied only to VLANs for which DHCP snooping is enabled.
The permit any statement is applied only to all other VLANs.
IP Address MAC Address VLAN ID
10.0.8.5 001122-334455 2
10.0.8.7 001122-334477 2
10.0.10.3 001122-334433 5
IP Address MAC Address VLAN ID
10.0.10.1 001122-110011 5
permit 10.0.8.5 001122-334455 vlan 2
permit 10.0.8.7 001122-334477 vlan 2
permit 10.0.10.3 001122-334433 vlan 5
deny any vlan 1-10
permit any
permit 10.0.10.1 001122-110011 vlan 5