Configuring Advanced Threat Protection

Dynamic IP Lockdown

Adding a Static Binding

To add the static configuration of an IP-to-MAC binding for a port to the lease database, enter the ip source-bindingcommand at the global configuration level. Use the no form of the command to remove the IP-to-MAC binding from the database.

Syntax: [no] ip source-binding <vlan-id> <ip-address> <mac-address> <port- number>

vlan-id

Specifies a valid VLAN ID number to bind with

 

the specified MAC and IP addresses on the port

 

in the DHCP binding database.

ip-address

Specifies a valid client IP address to bind with a

 

VLAN and MAC address on the port in the DHCP

 

binding database.

mac-address

Specifies a valid client MAC address to bind with

 

a VLAN and IP address on the port in the DHCP

 

binding database.

port-number

Specifies the port number on which the IP-to-

 

MAC address and VLAN binding is configured in

 

the DHCP binding database.

N o t e

Note that the ip source-bindingcommand is the same command used by the

 

Dynamic ARP Protection feature to configure static bindings. The Dynamic

 

ARP Protection and Dynamic IP Lockdown features share a common list of

 

source IP-to-MAC address bindings.

 

 

Verifying the Dynamic IP Lockdown Configuration

To display the ports on which dynamic IP lockdown is configured, enter the show ip source-lockdown status command at the global configuration level.

Syntax: show ip source-lockdown status

8-29