Firewall

6

 

Configuring IP-MAC Binding to Prevent Spoofing

 

 

 

 

 

Configuring IP-MAC Binding to Prevent Spoofing

IP-MAC Binding allows you to bind an IP address to a MAC address and vice-versa. It only allows traffic when the host IP address matches a specified MAC address. By requiring the gateway to validate the source traffic’s IP address with the unique MAC address of device, this ensures that traffic from the specified IP address is not spoofed. If a violation (the traffic’s source IP address doesn’t match the expected MAC address having the same IP address), the packets will be dropped and can be logged for diagnosis.

NOTE Up to 100 IP-MAC binding rules can be configured on the security appliance.

STEP 1 Click Firewall > MAC Filtering > IP - MAC Binding Rules.

The IP - MAC Binding Rules window opens.

STEP 2 To add an IP-MAC binding rule, click Add.

Other options: To edit an entry, click the Edit (pencil) icon. To delete an entry, click the Delete (x) icon. To delete multiple entries, check them and click Delete.

The IP&MAC Binding Rule - Add/Edit window opens.

STEP 3 Enter the following information:

Name: Enter the name for the IP-MAC binding rule.

MAC Address: Choose an existing MAC address object. If the MAC address object that you want is not in the list, choose Create a new address to add a new MAC address object. To maintain the MAC address objects, go to the Networking > Address Management page. See Address Management, page175.

IP Address: Choose an existing IP address object that you want to bind with the selected MAC address. If the IP address object that you want is not in the list, choose Create a new address to add a new IP address object. To maintain the IP address objects, go to the Networking > Address Management page. See Address Management, page175.

Log Dropped Packets: Choose Enable to log all packets that are dropped. Otherwise, choose Disable.

STEP 4 Click OK to save your settings.

STEP 5 Click Save to apply your settings.

Cisco ISA500 Series Integrated Security Appliances Administration Guide

286

Page 286
Image 286
Casio ISA550WBUN3K9 Configuring IP-MAC Binding to Prevent Spoofing, Click Firewall MAC Filtering IP MAC Binding Rules