3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

111

112

113

114

115

116

117

118

119

120

MAC and IP Address Binding 115

MAC and IP Address

Binding

Introduction to MAC and

IP Address Binding

MAC and IP address binding means the firewall associates the specific IP address

and MAC address based on the client configuration. In this way, firewall will

discard the so-called packet whose MAC address does not correspond to the

associated IP address and forcibly forwards the packet whose destination address

is the specific IP address to the associated MAC address. This effectively avoids the

imitated IP address attack to protect the network.

Creating MAC and IP address binding

Using the following commands, you can create an address binding map.

firewall mac-binding sour-addr mac-addr

Address binding map is created based on IP address. If an identical IP address is

configured in the address binding map, the newly configured entry will replace the

old one. One MAC address can be bound with various IP addresses.

Removing MAC and IP address binding

Using the following commands, you can remove one or all address binding map(s).

undo firewall mac-binding [ sour-addr ]

With parameter sour-addr, the specific IP address binding will be removed.

Without this parameter, all entries in the current address binding list will be

removed.

The creation and deletion of address binding map is independent of address

binding function, that is, address binding map can be created and removed no

matter whether the address binding is enabled or not.

Enabling MAC and IP address binding

Only when address binding is enabled, can firewall compare the IP address and

MAC address of the packet based on the address binding map and deny the

packet not meeting the binding map. Otherwise, it will not discard any packet

even the packet whose IP address and MAC address do not meet the binding

map.

Using the following commands, you can enable address binding.

firewall mac-binding enable

Using the following commands, you can disable address binding.

undo firewall mac-binding enable

By default, address binding is disabled.

Configuring MAC and IP

Address Binding

MAC and IP address binding configuration includes:

■ Configuring MAC and IP address binding map