02-01-2024 06:38 AM
Hi All,
I'm really scratching my head on this one and was hoping someone might be able to help. I have a 2960X access stack running IOS 15.2(7)E9 with DHCP snooping enabled on all VLANs that use DHCP and device tracking enabled globally. All access interfaces are configured with the "ip verify source tracking" (I'm not entirely sure what the addition of "tracking" does to this command, as there's little documentation I can find on it, but my assumption is that it supplements the DHCP snooping table with the Device Tracking table for verifying IP addresses). Source guard works perfectly fine with my devices that utilize DHCP, but I'm having issues with devices that have a static IP. I know that adding a static binding with MAC, IP, and interface would remedy this, but I am also using dot1x assigned VLANs and I feel that this would defeat the whole purpose of the dynamically assigned vlans if I have to specify which interface a particular IP/MAC pair is connected to.
Does anyone know a way to do IPSG with static IP addressed devices WITHOUT specifying a static MAC/IP/Interface binding? Thanks!
02-01-2024 06:42 AM
ip source binding mac-address vlan vlan-id ip-address interface interface-id <<- this must be add under interface
MHM
02-02-2024 07:15 AM
So, I know that this is one resolution. I am trying to find a way to do this without specifying an interface. Do you know a way in which you can implement source guard WITHOUT having to manually specify the interface?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide