HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 300
dhcp-snooping vlan, no dhcp-snooping trust, ip source-lockdown
Configuring Advanced Threat Protection
Dynamic IP Lockdown

  • Dynamic IP lockdown only filters packets in VLANs that are enabled for DHCP snooping. In order for Dynamic IP lockdown to work on a port, the port must be configured for at least one VLAN that is enabled for DHCP snooping. To enable DHCP snooping on a VLAN, enter the dhcp-snooping vlan [vlan-id-range] command at the global configuration level or the dhcp-snooping command at the VLAN configuration level.

  • Dynamic IP lockdown is not supported on a trusted port. (However, note that the DHCP server must be connected to a trusted port when DHCP snooping is enabled.) By default, all ports are untrusted. To remove the trusted configuration from a port, enter the no dhcp-snooping trust command at the global configuration level.

  For more information on how to configure and use DHCP snooping, see "DHCP Snooping" on page 8-4.

■ After you enter the ip source-lockdown command (enabled globally with the desired ports entered in ), the dynamic IP lockdown feature remains disabled on a port if any of the following conditions exist:

  • If DHCP snooping has not been globally enabled on the switch.
  • If the port is not a member of at least one VLAN that is enabled for DHCP snooping.
  • If the port is configured as a trusted port for DHCP snooping.

  Dynamic IP lockdown is activated on the port only after you make the following configuration changes:

  • Enable DHCP snooping on the switch.
  • Configure the port as a member of a VLAN that has DHCP snooping enabled.
  • Remove the trusted-port configuration.

■ You can configure dynamic IP lockdown only from the CLI; this feature cannot be configured from the web management or menu interface.

■ If you enable dynamic IP lockdown on a port, you cannot add the port to a trunk.

■ Dynamic IP lockdown must be removed from a trunk before the trunk is removed.

8-27
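The conditions above mean a port can have ip source-lockdown entered and still be unprotected, or be protected in only some of its VLANs. The following audit sketch is an added example, not code from the HP guide: SwitchState and its field names are a hypothetical model of the settings this page names, and the sample values are constructed.

```python
from dataclasses import dataclass

@dataclass
class SwitchState:
    """Hypothetical model of the settings this page names (not real switch output)."""
    snooping_global: bool   # DHCP snooping enabled on the switch
    snooping_vlans: set     # VLAN IDs with DHCP snooping enabled
    trusted_ports: set      # ports configured as DHCP snooping trusted
    lockdown_ports: set     # ports entered with ip source-lockdown
    vlan_members: dict      # VLAN ID -> set of member ports

def port_vlans(sw, port):
    """VLAN IDs the port is a member of."""
    return {v for v, members in sw.vlan_members.items() if port in members}

def lockdown_blockers(sw, port):
    """Reasons lockdown stays disabled on a configured port; [] means active."""
    reasons = []
    if not sw.snooping_global:
        reasons.append("DHCP snooping not globally enabled")
    if not (port_vlans(sw, port) & sw.snooping_vlans):
        reasons.append("port is in no VLAN enabled for DHCP snooping")
    if port in sw.trusted_ports:
        reasons.append("port is a DHCP snooping trusted port")
    return reasons

def unfiltered_vlans(sw, port):
    """VLANs on the port that lockdown does not filter (no DHCP snooping there)."""
    return sorted(port_vlans(sw, port) - sw.snooping_vlans)

def audit(sw):
    """Per lockdown-configured port: blockers and VLANs left unfiltered."""
    return {p: {"blockers": lockdown_blockers(sw, p),
                "unfiltered_vlans": unfiltered_vlans(sw, p)}
            for p in sorted(sw.lockdown_ports)}

# Constructed sample state: port 1 is the trusted DHCP server port.
SAMPLE = SwitchState(
    snooping_global=True,
    snooping_vlans={10},
    trusted_ports={"1"},
    lockdown_ports={"1", "2", "3", "4"},
    vlan_members={10: {"1", "2", "4"}, 20: {"3", "4"}},
)

if __name__ == "__main__":
    for port, result in audit(SAMPLE).items():
        state = "ACTIVE" if not result["blockers"] else "DISABLED"
        print(port, state, result)
```

In the sample, port 4 reports lockdown as active but still lists VLAN 20 as unfiltered, because filtering applies only in VLANs enabled for DHCP snooping.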