Configuring Source IP Lockdown

To configure source IP lockdown, you must enable DHCP (Dynamic Host Configuration Protocol) snooping on the ports connected to the DHCP server and DHCP client before you enable source IP lockdown. You must enable source IP lockdown on the ports connected to the DHCP client, not on the ports connected to the DHCP server.
Note

Note

Enabling DHCP snooping and source IP lockdown on the same port applies ACL rules with the same match conditions, but different actions. The rule with deny action takes precedence, so packets are dropped if the these ACL rules are installed on different slices. Many factors influence which slice rules are installed on. To see which slice these rules are installed on, use the command show access-list usage acl-slice port port or show access-list usage acl-rule port port .