ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual

Configuring IP/MAC Address Binding

IP/MAC binding allows you to bind an IP address to a MAC address and the other way around. Some devices are configured with static addresses. To prevent users from changing their static IP addresses, IP/MAC binding must be enabled on the VPN firewall. If the VPN firewall detects packets with a matching IP address but an inconsistent MAC address (or the other way around), it will drop these packets. If users have enabled the logging option for IP/MAC binding, these packets will be logged before they are dropped. The VPN firewall will then display the total number of dropped packets that violated either the IP-to-MAC binding or the MAC-to-IP binding.

Following is an example:

Assume that three computers on the LAN are set up as follows:

Host1: MAC address (00:01:02:03:04:05) and IP address (192.168.10.10)

Host2: MAC address (00:01:02:03:04:06) and IP address (192.168.10.11)

Host3: MAC address (00:01:02:03:04:07) and IP address (192.168.10.12)

If all of the above host entries are added to the IP/MAC Binding table, the following scenarios indicate the possible outcomes.

Host1: Matching IP address and MAC address in the IP/MAC Bindings table.

Host2: Matching IP address but inconsistent MAC address in the IP/MAC Bindings table.

Host3: Matching MAC address but inconsistent IP address in the IP/MAC Bindings table.

The VPN firewall will block the traffic coming from Host2 and Host3, but allow the traffic coming from Host1 to any external network. The total count of dropped packets will be displayed.
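The check described above can be modeled in a few lines. The following is an added illustration, not NETGEAR firmware code or part of the original manual: the class and function names, the mismatched addresses in the sample traffic, and the handling of a source with no entry in the table are assumptions.

```python
from dataclasses import dataclass, field

def norm_mac(mac):
    """Normalize so 00-01-02-03-04-05 and 00:01:02:03:04:05 compare equal."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits

@dataclass
class BindingTable:
    log_enabled: bool = True
    by_ip: dict = field(default_factory=dict)    # IP -> bound MAC
    by_mac: dict = field(default_factory=dict)   # MAC -> bound IP
    dropped: int = 0                             # total dropped packets
    log: list = field(default_factory=list)

    def bind(self, ip, mac):
        mac = norm_mac(mac)
        self.by_ip[ip], self.by_mac[mac] = mac, ip

    def check(self, src_ip, src_mac):
        """Return True to forward the packet, False to drop it."""
        mac = norm_mac(src_mac)
        if src_ip in self.by_ip and self.by_ip[src_ip] != mac:
            reason = "IP-to-MAC binding violation"
        elif mac in self.by_mac and self.by_mac[mac] != src_ip:
            reason = "MAC-to-IP binding violation"
        else:
            # Assumption: a source with no entry at all is forwarded.
            return True
        if self.log_enabled:            # logged before the drop
            self.log.append(f"{reason}: ip={src_ip} mac={src_mac}")
        self.dropped += 1
        return False

def run_example():
    table = BindingTable()
    table.bind("192.168.10.10", "00:01:02:03:04:05")   # Host1
    table.bind("192.168.10.11", "00:01:02:03:04:06")   # Host2
    table.bind("192.168.10.12", "00:01:02:03:04:07")   # Host3
    packets = [  # constructed sample traffic (source IP, source MAC)
        ("192.168.10.10", "00:01:02:03:04:05"),  # Host1: both match
        ("192.168.10.11", "00:01:02:03:04:aa"),  # Host2's IP, other MAC
        ("192.168.10.50", "00:01:02:03:04:07"),  # Host3's MAC, other IP
        ("192.168.10.99", "00-01-02-03-04-FF"),  # not in the table
    ]
    return [table.check(ip, mac) for ip, mac in packets], table

if __name__ == "__main__":
    verdicts, table = run_example()
    print(verdicts, "dropped:", table.dropped, *table.log, sep="\n")
```

Both lookups are needed: checking only the IP-to-MAC direction would miss the Host3 scenario, where a bound MAC address appears with an IP address that has no entry of its own.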

To enable IP/MAC binding and add IP and MAC addresses for binding:

1. Select Security from the main menu and Address Filter from the submenu.

2. Select the IP/MAC Binding tab. The IP/MAC Binding screen displays (see Figure 4-23 on page 4-36).

Firewall Protection and Content Filtering

v1.1, August 2010
