Administrator Guide
CONFIGURATION mode
ip dhcp snooping verify mac-address
Enabling IP+MAC Source Address Validation
The following feature is available on the Z9000 platform.
IP source address validation (SAV) validates the IP source address of an incoming packet against the
DHCP snooping binding table. IP+MAC SAV ensures that the IP source address and MAC source address
are a legitimate pair, rather than validating each attribute individually. You cannot configure IP+MAC SAV
with IP SAV.
1. Allocate at least one FP block to the ipmacacl CAM region.
CONFIGURATION mode
cam-acl l2acl
2. Save the running-config to the startup-config.
EXEC Privilege mode
copy running-config startup-config
3. Reload the system.
EXEC Privilege
reload
4. Enable IP+MAC SAV.
INTERFACE mode
ip dhcp source-address-validation ipmac
Dell Networking OS creates an ACL entry for each IP+MAC address pair in the binding table and applies it
to the interface.
To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping
source-address-validation [
interface] command in EXEC Privilege mode.
Dynamic Host Configuration Protocol (DHCP)
269