IP Source Address Validation validates the IP source address of an incoming packet against the DHCP
Snooping binding table. IP+MAC Source Address Validation ensures that the IP source address and MAC
source address are a legitimate pair, rather validating each attribute individually. IP+MAC Source Address
Validation cannot be configured with IP Source Address Validation.
Step
Task
1
Allocate at least one FP block to the
ipmacacl CAM region.
2
Save the running-config to the
startup-config.
3
Reload the system.
4
Enable IP+MAC Source Address
Validation.
FTOS creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the
interface.
Task
Display the IP+MAC ACL for an
interface for for the entire system.
Command Syntax
cam-acl l2acl
copy running-config startup-config
reload
ip dhcp source-address-validation ipmac
Command Syntax
show ip dhcp snooping source-address-validation
interface
[
]
Command Mode
CONFIGURATION
EXEC Privilege
EXEC Privilege
INTERFACE
Command Mode
EXEC Privilege
Dynamic Host Configuration Protocol | 329