IP source lockdown
It is best to configure IP source lockdown during a switch maintenance period as enabling it may cause client traffic to be dropped for 10 to 15 seconds.
To use IPv4 source lockdown, the IPv4 binding database must be populated. The binding database is typically dynamically populated by DHCPv4 snooping that learns and saves the binding information. Alternatively, the IPv4 binding database can be statically populated with the
ipv4 source-binding
command described in this chapter. Often DHCPv4 snooping is used to dynamically populate most of the IP binding database along with the
ipv4 source-binding
command that is used to add the binding information for several known and trusted clients, typically administrators. For dynamic IP binding database population with DHCPv4 snooping, see
DHCP snooping.
To use IPv6 source lockdown, the IPv6 binding database must be populated. The binding database is typically dynamically populated by DHCPv6 snooping that learns and saves the binding information. Alternatively, the IPv6 binding database can be statically populated with the
ipv6 source-binding
command described in this chapter. Often DHCPv6 snooping is used to dynamically populate most of the IPv6 binding database along with the
ipv6 source-binding
command that is used to add the binding information for several known and trusted clients, typically administrators. For dynamic IPv6 binding database population with DHCPv6 snooping, see
DHCP snooping.
IP source lockdown should not be configured on ISL (inter-switch link) ports.