8-29
Configuring Advanced Threat Protection
Dynamic IP Lockdown
Adding a Static Binding
To add the static configuration of an IP-to-MAC binding for a port to the lease
database, enter the ip source-binding command at the global configuration
level. Use the no form of the command to remove the IP-to-MAC binding from
the database.
Note Note that the ip source-binding command is the same command used by the
Dynamic ARP Protection feature to configure static bindings. The Dynamic
ARP Protection and Dynamic IP Lockdown features share a common list of
source IP-to-MAC address bindings.
Verifying the Dynamic IP Lockdown Configuration
To display the ports on which dynamic IP lockdown is configured, enter the
show ip source-lockdown status command at the global configuration level.
Syntax: [no] ip source-binding <vlan-id> <ip-address> <mac-address> <port-
number>
vlan-id Specifies a valid VLAN ID number to bind with
the specified MAC and IP addresses on the port
in the DHCP binding database.
ip-address Specifies a valid client IP address to bind with a
VLAN and MAC address on the port in the DHCP
binding database.
mac-address Specifies a valid client MAC address to bind with
a VLAN and IP address on the port in the DHCP
binding database.
port-number Specifies the port number on which the IP-to-
MAC address and VLAN binding is configured in
the DHCP binding database.
Syntax: show ip source-lockdown status
