15
IP/MAC Binding
15.1 IP/MAC Binding Overview
IP address to MAC address binding helps ensure that only the intended devices get to use privileged IP addresses. The ZyWALL uses DHCP to assign IP addresses and records to MAC address it assigned each IP address. The ZyWALL then checks incoming connection attempts against this list. A user cannot manually assign another IP to his computer and use it to connect to the ZyWALL.
Suppose you configure access privileges for IP address 192.168.1.27 and use static DHCP to assign it to Tim’s computer’s MAC address of 12:34:56:78:90:AB. IP/MAC binding drops traffic from any computer with another MAC address that tries to use IP address 192.168.1.27.
15.2 IP/MAC Binding Commands
The following table lists the
Table 64
COMMAND | DESCRIPTION |
[no] ip | Turns on IP/MAC binding for the specified interface. The no command turns |
activate | IP/MAC binding off for the specified interface. |
[no] ip | Turns on the IP/MAC binding logs for the specified interface. The no |
log | command turns IP/MAC binding logs off for the specified interface. |
ip | Adds a named IP range as being exempt from IP/MAC binding. |
| |
|
|
no ip | Deletes the named IP range from the list of addresses that are exempt from |
| IP/MAC binding. |
|
|
show ip | Shows whether IP/MAC binding is enabled or disabled for the specified |
| interface. |
show ip | Shows whether IP/MAC binding is enabled or disabled for all interfaces. |
show ip | Displays the current IP/MAC bindings for the specified interface. |
interface_name |
|
|
|
show ip | Displays the current IP/MAC bindings for all interfaces. |
show ip | Shows the current IP/MAC binding exempt list. |
ip | Resets the packet drop counter for the specified interface. |
interface_name |
|
|
|
debug ip | Turns on the IP/MAC binding debug logs. |
no debug ip | Turns off the IP/MAC binding debug logs. |
| 131 |
ZyWALL (ZLD) CLI Reference Guide | |
|
|