The anti-spoofing MAC-to-IP binding table can be populated through DHCP snooping, dynamic ARP inspection, and IP source guard. Regardless of which of these three methods are adding entries to that table, an entry cannot be added if there is not already an entry for the user's MAC address in the multiauth session table. (Refer to the chapter entitled “Authentication Configuration” in this book for more information about the session table.)