IP Source Guard configuration

Hello!
I'm trying to get IP Source Guard on a M4100-26G to work.

Firmware is 10.0.2.30.

I'm doing exactly this: How do I configure Dynamic ARP Inspection (DAI) with IP Source Guard using CLI commands on my managed switch? 
But that does not work and is wrong in my opinion.

Why should I look at "show ip dhcp snooping binding" when I'm configuring "ip verify binding"
Am I misunderstanding the IP Source Guard functionality?
I thought if I set a static binding, the client cannot communicate with the outside world if it has not the same IP as in the binding defined.

I changed the IP to something else but I was still able to ping the outside.

And what about DAI? The title says DAI but the article does not mention anithing about DAI.

DHCP Snooping mode is Enabled and Mac Address Verification is also enabled.
VLAN 2 (Which i'm using) is configured as "Enable" and all Interfaces are on "Disable" for Thrust mode, except the Uplink Ports.
The "DHCP Snooping Binding Configuration" has no Static Binding.
IP Source guard is on interface 0/3 with "IPSG Mode" Enabled and I have testet Port Security but it makes no difference.

In the "IP Source Guard Binding Configuration" is the one static configuration entered.

The "Add" Command:

ip verify binding 00:00:00:00:00:ff vlan 2 1.2.3.4 interface 0/3

The (in my opinion correct) show command:

M4100-26G) (Config)#show ip verify source

Interface    Filter Type    IP Address       MAC Address      VLAN
-----------  -----------  ---------------  -----------------  -----
0/3          ip             1.2.3.4                            2

0/21         ip             1.2.3.1                            47

IP and Mac's are randomized and I don't know why "MAC Adress" is empty in the last one.

Thanks in Advance!