Network Card bundling: prevents unauthorized use of your IP address to access the Internet

If someone else changes the MAC address, it is possible to successfully steal your internet account. To prevent IP address theft, the network administrator should take the following measures:

1. Bind the user's IP address with the MAC address

The network administrator configures on the vswitch and vro, or enters the MS-DOS mode, enter the command at the command prompt: ARP-S 202.201.101.01 00-01-02-03-04-05, you can bind the MAC address (00-01-02-03-04-05) with the IP address (202.201.101.01. * J.5VPml *

Note: ARP commands are only useful for LAN proxy servers and for static IP addresses. If Modem is used for dial-up or dynamic IP addresses, they do not work.

2. IP-MAC-PORT three binding

The above method of binding an IP address to a MAC address does not actually solve the IP address theft problem. In fact, the most effective solution is to bind a PORT to an IP address or a MAC address, that is, the IP-MAC-PORT is bound together.

Operation Procedure: During cabling, it is recommended that each switch port be connected to only one host. The network administrator should match the junction box on the user wall with the port on the switch one by one and complete the registration; then fill in the user's MAC address to the corresponding switch port; and then bind with the IP address, to achieve the IP-MAC-PORT of the three bindings. In this way, even if the hacker has the MAC address corresponding to the IP address, but it is impossible to have the same port on the wall, it can prevent IP address theft. In addition, the network management can also use other methods to prevent IP address theft, such as configuring VLAN of the switch and using user authentication. Due to space limitations, this will not be expanded here.