Reference Guide
Dynamic Host Configuration Protocol (DHCP) | 319
Enabling IP+MAC Source Address Validation
IP source address validation validates the IP source address of an incoming packet against the DHCP
snooping binding table. IP+MAC source address validation ensures that the IP source address and MAC
source address are a legitimate pair, rather than validating each attribute individually. You cannot configure
IP+MAC SAV with IP SAV.
To enable IP+MAC SAV, follow these steps:
FTOS creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the
interface.
To display the IP+MAC ACL, use the
show ip dhcp snooping source-address-validation [interface]
command in EXEC Privilege mode.
Step Task Command Syntax Command Mode
1 Allocate at least one FP block to the
ipmacacl CAM region.
cam-acl l2acl
CONFIGURATION
2 Save the running-config to the
startup-config.
copy running-config startup-config
EXEC Privilege
3 Reload the system.
reload
EXEC Privilege
4 Enable IP+MAC Source Address
Validation.
ip dhcp source-address-validation ipmac
INTERFACE