User's Manual
UTT Technologies Chapter 7 Advanced
http://www.uttglobal.com Page 114
7.2 IP/MAC Binding
This section describes the Security > IP/MAC Binding page.
7.2.1 Introduction to IP/MAC Binding
7.2.1.1 IP/MAC Binding Overview
To achieve network security management, you should perform user identification before
performing user authorization. In this section, we describe how to implement user
identification. In Section 9.1 Firewall > Access Control, we will describe how to control
the Internet behaviors of the LAN users in detail.
The Wireless Router provides IP/MAC binding feature to implement user identification.
Using the IP/MAC address pair as a unique user identity, you can protect the Wireless
Router and your network against IP spoofing attacks. IP spoofing attack refers to that a
computer attempts to use another trusted computer’s IP address to connect to or pass
through the Wireless Router. The computer’s IP address can easily be changed to a
trusted address, but MAC address cannot easily be changed as it is added to the Ethernet
card at the factory.
7.2.1.2 The Operation Principle of IP/MAC Binding
For the sake of convenience, we firstly introduce several related terms including legal user,
illegal user and undefined user.
● Legal User: A legal user’ s IP and MAC address pair matches an IP/MAC binding
whose Allow check box is checked.
● Illegal User: An illegal user’s IP and MAC address pair matches an IP/MAC binding
whose Allow check box is cleared; or the IP address or MAC address is the same as
that of an IP/MAC binding, but not both.
● Undefined User: An undefined user’s IP address and MAC address both are
different from any IP/MAC binding. The undefined users are all the users except legal
and illegal users.
It allows the legal users to access the Wireless Router or access the Internet through the
Wireless Router, and denies the illegal users. And the parameter of Allow Undefined
LAN PCs determines whether it allows the undefined users to access the Wireless Router