HP ProCurve 3500yl Release Notes page 145

Software version k.13.49

Hide thumbs Also See for ProCurve 3500yl:

Access security manual (778 pages)

Specifications (16 pages)

Features (6 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

page of 219

/ 219
Contents
Table of Contents
Bookmarks

Table of Contents

•

Remove the trusted-port configuration.

You can configure dynamic IP lockdown only from the CLI; this feature cannot be configured

■

from the Web management or menu interface.

■

If you enable dynamic IP lockdown on a port, you cannot add the port to a trunk.

■

Dynamic IP lockdown must be removed from a trunk before the trunk is removed.

Adding an IP-to-MAC Binding to the DHCP Binding Database

A switch maintains a DHCP binding database, which is used for dynamic IP lockdown as well as for

DHCP and ARP packet validation. The DHCP snooping feature maintains the lease database by

learning the IP-to-MAC bindings of VLAN traffic on untrusted ports. Each binding consists of the

client MAC address, port number, VLAN identifier, leased IP address, and lease time.

Dynamic IP lockdown supports a total of 4K static and dynamic bindings with up to 64 bindings per

port. When DHCP snooping is enabled globally on a VLAN, dynamic bindings are learned when a

client on the VLAN obtains an IP address from a DHCP server. Static bindings are created manually

with the CLI or from a downloaded configuration file.

When dynamic IP lockdown is enabled globally or on ports the bindings associated with the ports

are written to hardware. This occurs during these events:

•

Switch initialization

•

Hot swap

•

A dynamic IP lockdown-enabled port is moved to a DHCP snooping-enabled VLAN

•

DHCP snooping or dynamic IP lockdown characteristics are changed such that dynamic

IP lockdown is enabled on the ports

Potential Issues with Bindings

•

When dynamic IP lockdown enabled, and a port or switch has the maximum number of

bindings configured, the client DHCP request will be dropped and the client will not

receive an IP address through DHCP.

•

When dynamic IP lockdown is enabled and a port is configured with the maximum

number of bindings, adding a static binding to the port will fail.

•

When dynamic IP lockdown is enabled globally, the bindings for each port are written

to hardware. If global dynamic IP lockdown is enabled and disabled several times, it is

possible to run out of buffer space for additional bindings. The software will delay adding

the bindings to hardware until resources are available.

Enhancements

Release K.13.19 Enhancements

134

Table of Contents

This manual is also suitable for:

Procurve 8212zl Procurve 5400zl 6200yl

HP ProCurve 3500yl Release Notes page 145

Related Manuals for HP ProCurve 3500yl

Related Products for HP ProCurve 3500yl

This manual is also suitable for:

Table of Contents