Configuring Source IP Lockdown
To configure source IP lockdown, you must enable DHCP snooping on the ports connected
to the DHCP server and DHCP client before you enable source IP lockdown. You must enable
source IP lockdown on the ports connected to the DHCP client, not on the ports connected to
the DHCP server.
-
Enable DHCP snooping using the command:
enable
ip-security dhcp-snooping {vlan} vlan_name ports [all | ports] violation-action [drop-packet {[block-mac | block-port] [duration duration_in_seconds | permanently] | none]}] {snmp-trap}
Source IP lockdown is disabled on the switch by default.
-
To enable source IP lockdown, use the command:
enable
ip-security source-ip-lockdown ports [all |
ports]
-
To disable source IP lockdown, use the command
disable
ip-security source-ip-lockdown ports [all |
ports]