3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
MAC and IP Address Binding 117
MAC and IP Address
Binding Configuration
Example
Network requirements
The server and the client PC are located in the firewall trust zone and untrust zone
respectively. The client PC is at 202.0.0.1 and the corresponding MAC address is
00e0-fc00-0100. Configure address binding map on the firewall that only the
packet meeting the above map can pass the firewall and the packet sent to
202.0.0.1 is forwarded to the network card at 00e0-fc00-0100.
Network diagram
Figure 22 Network diagram for MAC and IP address binding
Configuration procedure
Switch 8807 (SecBlade)
# Divide VLANs.
<SW8800> system-view
[SW8800] vlan 10
[3Com-vlan10] quit
[SW8800] vlan 30
[3Com-vlan30] quit
[SW8800] vlan 50
[3Com-vlan50] quit
# Configure the IP address.
[SW8800] interface vlan-interface 10
[3Com-Vlan-interface10] ip address 10.0.0.254 24
[3Com-Vlan-interface10] quit
[SW8800] interface vlan-interface 30
Enable the debugging of MAC and IP address
binding
debugging firewall mac-binding [ all |
item | packet ]
Table 105 Display and debug MAC and IP address binding
Operation Command
SecBlade
S8505
Vlan
30
Vlan10
Vlan
50
Vlan
50
Trust Zone
Untrust
Zone
Server 10.0.0.1/24
30.0.0.254/24
202.0.0.254/24
30.0.0.1/24
10.0.0.254/24
Client 202.0.0.1/24
SecBlade
S8800
Vlan
30
Vlan10
Vlan
50
Vlan
50
Trust Zone
Untrust
Zone
Server 10.0.0.1/24
30.0.0.254/24
202.0.0.254/24
30.0.0.1/24
10.0.0.254/24
Client 202.0.0.1/24