LAN Ip-mac binding Scheme

Ip-mac binding on LAN devices is an important means of network management, which can effectively prevent IP misappropriation, IP abuse, IP address conflicts and other anomalies.

Ip-mac binding can be implemented in a variety of ways, in this article, I will introduce some common LAN Ip-mac binding scheme.

1. Domain Group Policy prohibits modification of IP

Set a fixed IP address for each computer and do not open Administrator privileges (clients cannot modify it themselves). This program can only work on the computer, generally in the domain environment of the local area network used more. The Group Policy configuration in the.

650) this.width=650; "Src=" Http://www.imfirewall.com/blog/zb_users/upload/2017/06/201706221498114042478070.png " Title= "201706221498114042478070.png" alt= "201706221498114042478070.png" style= "width:800px;" width= "vspace=" 0 "border=" 0 "/>

2. Switch-based port binding

The port settings for the switch are IP-MAC bound. This scheme is the most stringent ip-mac binding scheme, but requires the switch to have this function, and the configuration is more complex. Take Huawei S5700 Switch as an example, the command is as follows:

650) this.width=650; "Src=" Http://www.imfirewall.com/blog/zb_users/upload/2017/06/201706221498114187118620.png " Title= "201706221498114187118620.png" alt= "Qq20170622144605.png"/>

3. Static IP assignment on the DHCP server

Static IP assignment on the DHCP server so that the client can obtain the same IP address each time, the DHCP server can be a router or a switch. Note, however, that static address assignment for DHCP does not prevent the IP from being manually modified to bypass the binding. Therefore, it is generally necessary to use other means, such as:

• ARP bindings, which are typically configured on the switch. Only devices that correspond to IP and Mac can be connected to the Internet.

• Bypass Internet behavior Management. After configuring the static IP, enable the "Ip-mac binding" feature of the Wfilter ICF Internet Behavior Management software. Once the client modifies the IP, it will be banned from the Internet.

650) this.width=650; "Src=" http://www.wfilter.org/images/thumb/3/3b/Ip-mac-binding01.png/ 800px-ip-mac-binding01.png "alt=" Ip-mac-binding01.png "/>

4. Ip-mac Binding of Wfilter NGF

WFILTERNGF, as well as the WSG Internet Behavior Management gateway based on the system, has both DHCP static IP assignment function and IP-MAC verification. The ability to "static IP assignment" and "Ip-mac binding" can be achieved without additional devices, and IP-MAC bindings across VLANs are also possible. Configuration such as:

650) this.width=650; "Src=" Http://www.imfirewall.com/blog/zb_users/upload/2017/03/201703301490853775126646.png " alt= "201703301490853775126646.png" title= "201703301490853775126646.png" style= "width:900px;" width= "vspace=" 0 "border=" 0 "/>

LAN Ip-mac binding Scheme