FVS338 ProSafe VPN Firewall 50 Reference Manual

6.When you have completed adding MAC addresses, click Apply to save your settings.

IP/MAC Binding

IP/MAC Binding allows you to bind an IP to a MAC address and vice-versa. Some machines are configured with static addresses. To prevent users from changing their static IP addresses, IP/MAC Binding must be enabled on the router. If the router sees packets with a matching IP address, but with an inconsistent MAC address (or vice-versa), it will drop these packets. If users have enabled the logging option for IP/MAC Binding, these packets will be logged before they are dropped. The router will then display the total number of dropped packets that violated either the IP-to-MAC Binding or the MAC-to-IP Binding.

Example: If three computers on the LAN are set up as follows:

Host1: MAC address (00:01:02:03:04:05) and IP address (192.168.10.10)

Host2: MAC address (00:01:02:03:04:06) and IP address (192.168.10.11)

Host3: MAC address (00:01:02:03:04:07) and IP address (192.168.10.12)

If all the above host entries are added to the IP/MAC Binding table, the following scenarios indicate the possible outcome.

Host1: Matching IP & MAC address in IP/MAC Table.

Host2: Matching IP but inconsistent MAC address in IP/MAC Table.

Host3: Matching MAC but inconsistent IP address in IP/MAC Table.

The router will block the traffic coming from Host2 and Host3, but allow the traffic coming from Host1 to any external network. The total count of dropped packets will be displayed.

To invoke the IP/MAC Binding Table screen:

1.Select Security from the main menu and IP/MAC Binding from the sub-menu. The IP/MAC Binding screen will display.

4-26

Firewall Protection and Content Filtering

v1.0, March 2008

Page 81 Page 83
Page 82
Image 82
NETGEAR FVS338 manual IP/MAC Binding
Page 81 Page 83
Top Page Image Contents