Enhancements
Release M.10.43 Enhancements
In this example, the following DHCP leases have been learned by DHCP snooping on port 5. VLANs 2 and 5 are enabled for DHCP snooping.
IP Address | MAC Address | VLAN ID |
|
|
|
10.0.8.5 | 2 | |
10.0.8.7 | 2 | |
10.0.10.3 | 5 | |
|
|
|
Figure 17. | Sample DHCP Snooping Entries |
|
The following example shows an
IP Address | MAC Address | VLAN ID |
|
|
|
10.0.10.1 | 5 | |
|
| |
Figure 18. | An Example of a Static Configuration Entry |
Assuming that DHCP snooping is enabled and that port 5 is untrusted, dynamic IP lockdown applies the following dynamic VLAN filtering on port 5:
permit 10.0.8.5
permit 10.0.8.7
permit 10.0.10.3
deny any vlan
Figure 19. Example of Internal Statements used by Dynamic IP Lockdown
Note that the deny any statement is applied only to VLANs for which DHCP snooping is enabled. The permit any statement is applied only to all other VLANs.
129