Debugging Dynamic Ip Lockdown - HP ProCurve 6120G/XG Manual
Hp procurve series 6120 blade switches access security guide
Hide thumbs
Also See for ProCurve 6120G/XG:
- Configuration manual (662 pages) ,
- Manual (469 pages) ,
- Management manual (222 pages)
Table of Contents
Advertisement
ProCurve(config)# show ip source-lockdown bindings
Dynamic IP Lockdown (DIPLD) Bindings
Mac Address
IP Address
-----------
----------
001122-334455
10.10.10.1
005544-332211
10.10.10.2
. . . . . . . . . . . . . . . . . . . . . . . . . . .
Figure 10-6. Example of show ip source-lockdown bindings Command Output
In the show ip source-lockdown bindings command output, the "Not in HW"
column specifies whether or not (YES or NO) a statically configured IP-to-
MAC and VLAN binding on a specified port has been combined in the lease
database maintained by the DHCP Snooping feature.
Debugging Dynamic IP Lockdown
To enable the debugging of packets dropped by dynamic IP lockdown, enter
the debug dynamic-ip-lockdown command.
Syntax: debug dynamic-ip-lockdown
To send command output to the active CLI session, enter the debug destination
session command.
Counters for denied packets are displayed in the debug dynamic-ip-lockdown
command output. Packet counts are updated every five minutes. An example
of the command output is shown in Figure 10-7.
When dynamic IP lockdown drops IP packets in VLAN traffic that do not
contain a known source IP-to-MAC address binding for the port on which the
packets are received, a message is entered in the event log.
Configuring Advanced Threat Protection
Dynamic IP Lockdown
VLAN
Port
Not in HW
-----
-----
---------
1111
X11
2222
Trk11
YES
10-31
Hide quick links:
Advertisement
Table of Contents
