Defining and Configuring AutoTracker Policies

Deļ¬ning a Port Binding Policy

Port binding policies require devices to match two or three criteria. The criteria can be one of
six combinations:
1. The device can attach to a specific switch port and use a specific MAC address and use a
specific protocol (IP or IPX).
2. The device can attach to a specific switch port and use a specific MAC address and use a
specific IP network address.
3. The device can attach to a specific switch port and use a specific protocol (IP or IPX).
4. The device can use a specific IP address and use a specific MAC address.
5. The device can use a specific port and a specific IP address.
6. The device can use a specific port and a specific MAC address.
A device must match all values in the criteria set.
Port binding policies have two additional features. First, if a policy violation is detected, an
SNMP trap is generated to alert the network manager which rule was violated. Secondly, if
you attempt to configure a port binding rule that creates a conflict with another binding rule,
an error message is generated to alert the user of the problem.
For example, if a port binding rule is created with a policy that links IP address and
MAC address aabbcc:ddeeff, and you attempt to create a port binding rule for the same IP
address with a policy that links it to port 3/1, an error message will appear as shown:
This IP address has already been assigned to a different rule
In this example the second port binding rule is not created because the purpose of the first
rule is to provide mobility for the IP address (i.e., it is not restricted to a port), while
the second rule specifically limits the mobility of IP address to port 3/1.
A general rule for port binding policies is that once an address has been assigned (MAC or
IP), it cannot be assigned to another policy until it is removed from the first policy. The
following table is a reference for policy conflicts:
Limitations for Port Policies

             IP Address                               MAC Address                              Port                              Protocol
IP Address   N/A                                      IP and MAC address cannot be used again  IP address cannot be used again
MAC Address  IP and MAC address cannot be used again  N/A                                      MAC address cannot be used again  MAC address cannot be used again
Port         IP address cannot be used again          MAC address cannot be used again         N/A                               None
Protocol     N/A                                      MAC address cannot be used again         None                              N/A
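
An added example, not taken from the manual or the switch software: a Python model of the rules above that accepts only the six criteria combinations, refuses a rule that reuses an IP or MAC address held by another rule, and lists the rules a device breaks. The IP address 192.0.2.10 and the second MAC address are constructed; the refusal strings and the definition of a violation (a bound address seen while another criterion fails) are assumptions.

```python
from dataclasses import dataclass, asdict
from typing import Optional

# The six criteria combinations listed above, as sets of populated fields.
ALLOWED = {frozenset(c.split("+")) for c in (
    "port+mac+protocol", "port+mac+ip", "port+protocol",
    "ip+mac", "port+ip", "port+mac")}

@dataclass(frozen=True)
class Rule:
    port: Optional[str] = None
    mac: Optional[str] = None
    ip: Optional[str] = None
    protocol: Optional[str] = None  # "IP" or "IPX"

    def criteria(self):
        return {k: v for k, v in asdict(self).items() if v is not None}
    def matches(self, device):
        # A device must match all values in the criteria set.
        return all(device.get(k) == v for k, v in self.criteria().items())

class RuleTable:
    def __init__(self):
        self.rules = []
    def add(self, rule):
        """Return None if the rule was added, else the reason it was refused."""
        if frozenset(rule.criteria()) not in ALLOWED:
            return "not one of the six criteria combinations"
        for kind in ("ip", "mac"):  # an address belongs to one rule at a time
            value = getattr(rule, kind)
            if value and any(getattr(r, kind) == value for r in self.rules):
                return f"{kind} address {value} is already assigned to a different rule"
        self.rules.append(rule)

    def violated(self, device):
        # Assumed definition: a bound IP or MAC is seen but another criterion fails.
        def bound(r):
            return any(getattr(r, k) and device.get(k) == getattr(r, k) for k in ("ip", "mac"))
        return [r for r in self.rules if bound(r) and not r.matches(device)]

def demo():
    table = RuleTable()
    mobile = Rule(ip="192.0.2.10", mac="aabbcc:ddeeff")  # IP constructed, MAC from the page
    pinned = Rule(ip="192.0.2.10", port="3/1")
    first, second = table.add(mobile), table.add(pinned)  # second is refused
    table.rules.remove(mobile)                            # free the address first
    third = table.add(pinned)                             # now accepted
    moved = {"ip": "192.0.2.10", "mac": "001122:334455", "port": "4/2"}  # constructed
    return first, second, third, table.violated(moved)
```

Running a planned rule set through such a check before entering it on the switch shows which address assignments would be refused and which rules a relocated or spoofed address would trip.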