HP ProCurve 3500yl Release Notes page 143
Software version k.13.49
Hide thumbs
Also See for ProCurve 3500yl:
- Access security manual (778 pages) ,
- Specifications (16 pages) ,
- Features (6 pages)
Table of Contents
Advertisement
In this example, the following DHCP leases have been learned by DHCP snooping on port 5. VLANs
2 and 5 are enabled for DHCP snooping.
IP Address
10.0.8.5
10.0.8.7
10.0.10.3
Figure 28.
Sample DHCP Snooping Entries
The following example shows an IP-to-MAC address and VLAN binding that have been statically
configured in the lease database on port 5.
IP Address
10.0.10.1
Figure 29.
An Example of a Static Configuration Entry
Assuming that DHCP snooping is enabled and that port 5 is untrusted, dynamic IP lockdown applies
the following dynamic VLAN filtering on port 5:
permit 10.0.8.5 001122-334455 vlan 2
permit 10.0.8.7 001122-334477 vlan 2
permit 10.0.10.3 001122-334433 vlan 5
permit 10.0.10.1 001122-110011 vlan 5
deny any vlan 1-10
permit any
Figure 30.
Example of Internal Statements used by Dynamic IP Lockdown
Note that the deny any statement is applied only to VLANs for which DHCP snooping is enabled.
The permit any statement is applied only to all other VLANs.
MAC Address
001122-334455
001122-334477
001122-334433
MAC Address
001122-110011
VLAN ID
2
2
5
VLAN ID
5
Enhancements
Release K.13.19 Enhancements
132
Advertisement
Table of Contents
