Why do you want to bind IP? Can you specify the IP can not be on the network? The reason to bind IP is because he will change the IP. For example, I am the IP on this computer is 192.168.1.11 this IP has been done in the firewall above the setting can not be online, but if I know that there is an IP is 192.168.1.30 IP can surf the internet, then I will not change the 192.168.1.11 replaced by 192.168.1.30 can be online? So the binding IP is to prevent him from changing IP. Because the MAC address of the network card is the only one in the world with our identity card, he had a change, he did not recognize. How does that bind?
For example, my IP is 192.168.1.11, the MAC address of the NIC is 00-11-2f-3f-96-88 (how do I see my mac address?) Enter Ipconfig/all at the command line and respond as follows:
Physical Address ..... . : 00-11-2f-3f-96-88
DHCP Enabled ...... : No
IP address. ...........:192.168.1.11
Subnet Mask ........... : 255.255.255.0
Default Gateway ..... . : 192.168.1.1
DNS Servers ........... : 61.177.7.1
Primary WINS Server .......:192.168.1.254
This information is your current computer's IP address and MAC address!
Next, enter at the command line: arp-s 192.168.1.11 00-11-2f-3f-96-88 carriage return.
is tied up.
If you want to see if binding, you can use Arp-a 192.168.1.11 carriage return, you will get the following tips:
Internet Address Physical Address Type
192.168.1.30 00-11-2f-3f-96-88 Static
It's OK.
What if you want to delete it? Command line input: arp-d 192.168.1.30 is erased.
Binding gateways:
Arp-s 192.168.1.1 XX-XX-XX-XX-XX (the MAC address of the Gateway)
View your own IP address and the MAC address of the network card. For Windows 98/me, run "winipcfg", the IP address you see in the dialog box, and the "adapter address" is the MAC address of the NIC. Under Windows 2000/XP System, to enter "Ipconfig/all" at the command prompt, the "Physical Address" in the list is the Mac, "IP address" is the IP; To bind the two, enter the "Arp-s IP address MAC address ", such as" Arp-s 192.168.0.28 54-44-4b-b7-37-21 "can be.
Another way is through the special LAN network management software, Internet behavior control software to bind the LAN computer IP address and MAC address, to prevent the arbitrary modification of IP address behavior.
At present, there are many local area network control software, network management monitoring software, generally have IP and MAC address binding function. Usually, through this kind of network management software can easily scan to the LAN computer IP address and MAC address, and then click the mouse can be implemented binding. For example, there is a "aggregated network management" software (download address:http://www.grabsun.com/ soft.html), only need to install on a local area network computer, can scan to the LAN all computer IP address and MAC address, and then click the mouse can be bound, after binding LAN computer will not be able to modify IP address and MAC address, once modified will not be able to surf the internet, thus preventing the computer to modify the behavior of IP address, the following figure Shows:
Figure: Making IP and Mac bindings
At the same time, through the "aggregated network management" software can also detect the LAN ARP attack behavior, once discovered the LAN ARP attack behavior, will automatically output the attacker's IP address and the MAC address, thus facilitates the network administrator to promptly examine attacks the source host, protects the local area network security. As shown in the following illustration:
Figure: Output ARP attack
In short, whether it is through the operating system's own IP and MAC address binding command, or through the use of specialized LAN network management software can be implemented LAN IP and MAC address binding function, but with the command for IP and Mac binding operations, The IP and MAC address bindings are simpler and more humane through network management monitoring software. Concrete use of the way, enterprises and institutions can according to their own needs to make a choice.