Why should I look at "show ip dhcp snooping binding" when I'm configuring "ip verify binding" Am I misunderstanding the IP Source Guard functionality? I thought if I set a static binding, the client cannot communicate with the outside world if it has not the same IP as in the binding defined.
I changed the IP to something else but I was still able to ping the outside.
And what about DAI? The title says DAI but the article does not mention anithing about DAI.
DHCP Snooping mode is Enabled and Mac Address Verification is also enabled. VLAN 2 (Which i'm using) is configured as "Enable" and all Interfaces are on "Disable" for Thrust mode, except the Uplink Ports. The "DHCP Snooping Binding Configuration" has no Static Binding. IP Source guard is on interface 0/3 with "IPSG Mode" Enabled and I have testet Port Security but it makes no difference.
In the "IP Source Guard Binding Configuration" is the one static configuration entered.
The "Add" Command:
ip verify binding 00:00:00:00:00:ff vlan 2 1.2.3.4 interface 0/3
The (in my opinion correct) show command:
M4100-26G) (Config)#show ip verify source
Interface Filter Type IP Address MAC Address VLAN
----------- ----------- --------------- ----------------- -----
0/3 ip 1.2.3.4 2
0/21 ip 1.2.3.1 47
IP and Mac's are randomized and I don't know why "MAC Adress" is empty in the last one.
