06-29-2017 02:20 PM - edited 03-08-2019 11:09 AM
I have tested this, but results are different in each case.
What if I have a host connected to port 1 (IP-MAC) that is in the snooping binding database, and now someone moves him to port 2? I have snooping, DAI, and SG configured.
The DHCP snooping binding would still have his MAC and IP on port 1. Would it release it automatically and move it to port 2?
Actually I tested it here, and it automatically moved it, and a couple of times it didn't. The PC was blocked off port 2 by Source Guard, and I had to clear the snooping table and remove Source Guard to make it work.
Can someone clarify this: if a switch sees the SAME MAC and IP coming from a different port, it should allow it and rebind the snooping table, right? The issue is when either the IP or the MAC changes in the binding, where they are blocked (and I agree with it).
06-29-2017 04:13 PM
Hi,
In the case when the PC was blocked, did the PC do an IP address renewal or did it try to continue using the IP address? I am guessing the PC does not renew the IP address and this causes SG to deny access. Usually when you move a PC from one port to another, it should work fine as long as the PC does a DHCP lease/renew.
Thanks
John
06-30-2017 06:35 AM
The PC was behind the phone. So, when the phone was disconnected, obviously, both the phone and PC were trying to get an IP address. It wasn't trying to get a new IP, but would start the DHCP process and get the same IP.
Does Source Guard allow CDP packets? I know the phone uses voice VLANs, through CDP...