Adding an IP-to-MAC binding to the DHCP binding database; Potential issues with bindings - HP 2530 Manual Supplement

i. Enter the ip source-lockdown command. This command enables IP source lockdown globally.
ii. Specify the port or ports to lock down with the ip source-lockdown <port-list> command. Specifying the ports to lock down does not automatically enable the feature globally, so complete both steps.
After you enter the ip source-lockdown command (enabled globally with the desired ports
entered in <port-list>), the dynamic IP lockdown feature remains disabled on a port if any of
the following conditions exist:
• DHCP snooping has not been globally enabled on the switch.
• The port is not a member of at least one VLAN that is enabled for DHCP snooping.
• The port is configured as a trusted port for DHCP snooping.
Dynamic IP lockdown is activated on the port only after you make the following configuration
changes:
• Enable DHCP snooping on the switch.
• Configure the port as a member of a VLAN that has DHCP snooping enabled.
• Remove the trusted-port configuration.
You can configure dynamic IP lockdown only from the CLI; this feature cannot be configured from
the WebAgent or menu interface. If you enable dynamic IP lockdown on a port, you cannot add
the port to a trunk.
Remove dynamic IP lockdown from a trunk before removing the trunk.

Adding an IP-to-MAC binding to the DHCP binding database

Dynamic IP lockdown supports a total of 2K static and dynamic bindings with up to 32 bindings
per port. When DHCP snooping is enabled globally on a VLAN, dynamic bindings are learned
when a client on the VLAN obtains an IP address from a DHCP server. Static bindings are created
manually with the CLI or from a downloaded configuration file.
When dynamic IP lockdown is enabled globally or on ports, the bindings associated with the ports
are written to hardware when the following events occur:
• Switch initialization
• Hot swap
• A dynamic IP lockdown-enabled port is moved to a DHCP-snooping enabled VLAN
• DHCP snooping or dynamic IP lockdown characteristics are changed so that dynamic IP lockdown is enabled on the ports

Potential issues with bindings

• When dynamic IP lockdown is enabled and a port or switch has the maximum number of bindings configured, the client DHCP request is dropped and the client does not receive an IP address through DHCP.
• When dynamic IP lockdown is enabled and a port is configured with the maximum number of bindings, adding a static binding to the port will fail.
• When dynamic IP lockdown is enabled globally, the bindings for each port are written to hardware. If global dynamic IP lockdown is enabled and disabled several times, buffer space for additional bindings can be exhausted. The software will delay adding the bindings to hardware until resources are available.
For syntax and an example of the ip-source binding command, see "Adding an IP-to-MAC binding
to the DHCP binding database and adding or removing a static binding" (page 17).
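
The activation conditions and binding limits described above can be checked together in one audit pass. The following is an added example, not code from the HP manual: the SwitchState structure, the function names and the sample values are constructed for illustration, and "2K" is assumed to mean 2048.

```python
# Added example: SwitchState and all sample values are constructed, not switch output.
from dataclasses import dataclass, field

MAX_TOTAL_BINDINGS = 2048   # "2K static and dynamic bindings" (assumed to mean 2048)
MAX_PORT_BINDINGS = 32      # "up to 32 bindings per port"

@dataclass
class SwitchState:
    lockdown_global: bool          # ip source-lockdown entered
    lockdown_ports: set            # ports given in ip source-lockdown <port-list>
    snooping_global: bool          # DHCP snooping globally enabled
    snooping_vlans: set            # VLANs enabled for DHCP snooping
    trusted_ports: set             # DHCP-snooping trusted ports
    port_vlans: dict               # port -> set of VLAN IDs the port belongs to
    bindings: dict = field(default_factory=dict)   # port -> current binding count

def lockdown_blockers(sw, port):
    """Return the reasons dynamic IP lockdown is NOT active on port (empty = active)."""
    reasons = []
    if not sw.lockdown_global:
        reasons.append("ip source-lockdown not enabled globally")
    if port not in sw.lockdown_ports:
        reasons.append("port not in ip source-lockdown <port-list>")
    if not sw.snooping_global:
        reasons.append("DHCP snooping not globally enabled")
    if not (sw.port_vlans.get(port, set()) & sw.snooping_vlans):
        reasons.append("port is in no DHCP-snooping VLAN")
    if port in sw.trusted_ports:
        reasons.append("port is a DHCP-snooping trusted port")
    return reasons

def binding_exhausted(sw, port):
    """True when a new binding on port would hit the per-port or switch-wide limit."""
    total = sum(sw.bindings.values())
    return sw.bindings.get(port, 0) >= MAX_PORT_BINDINGS or total >= MAX_TOTAL_BINDINGS

def audit(sw):
    """Map each port to (blockers, exhausted) so silently unprotected ports stand out."""
    return {p: (lockdown_blockers(sw, p), binding_exhausted(sw, p)) for p in sorted(sw.port_vlans)}

# Constructed sample: port 3 was left trusted, port 4 sits in a VLAN without snooping.
SAMPLE = SwitchState(
    lockdown_global=True, lockdown_ports={1, 2, 3, 4},
    snooping_global=True, snooping_vlans={10}, trusted_ports={3},
    port_vlans={1: {10}, 2: {10}, 3: {10}, 4: {20}}, bindings={1: 5, 2: 32},
)
if __name__ == "__main__":
    for port, (why, full) in audit(SAMPLE).items():
        print(port, "; ".join(why) or "ACTIVE", "| bindings full" if full else "")
```

Ports 3 and 4 appear in the lockdown port list yet are reported inactive, which is the gap the conditions above describe; port 2 is active but at its binding limit, so a further DHCP request or static binding on it would fail.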
