Debugging dynamic IP lockdown

To enable the debugging of packets dropped by dynamic IP lockdown, enter the debug dynamic-ip-lockdown command.

Syntax

debug dynamic-ip-lockdown

To send command output to the active CLI session, enter the debug destination session command.

Counters for denied packets are displayed in the debug dynamic-ip-lockdown command output. Packet counts are updated every five minutes. An example of the command output is shown in Debug dynamic-ip-lockdown command output.

When dynamic IP lockdown drops IP packets in VLAN traffic that do not contain a known source IP-to-MAC address binding for the port on which the packets are received, a message is entered in the event log.

Figure 259: Debug dynamic-ip-lockdown command output