Thursday, December 27, 2018

IP Source Guard issue

I've configured IPSG on my switch, but once enabled, all legitimate traffic is dropped instead of only filtering spoofed IPs.

After reviewing Cisco's documentation and a number of tutorials I seem to be following the configuration guidelines correctly. Can someone who has deployed this point me in the right direction?

I've confirmed my DHCP snooping bindings are present for the devices attempting to communicate.

The IPSG commands are just "ip verify source port-security" on each port, which then populates "show ip verify source" with the expected allowed addresses; however, legitimate traffic is still dropped.

When I debug IPSG with "debug ip verify source packet" it doesn't trigger anything so I don't have visibility on that front. Wireshark just shows ICMPs being requested but they don't make it past the switch.

Thanks in advance!


