Shulou(Shulou.com)06/01 Report--

Binding IP-MAC to LAN devices is an important means of network management, which can effectively prevent abnormal situations such as IP embezzlement, IP abuse, IP address conflicts and so on.

IP-MAC binding can be implemented in a variety of ways, and in this article, I will introduce some commonly used LAN IP-MAC binding schemes.

1. The group policy of the domain forbids modification of IP

Each computer is given a fixed IP address and administrator privileges are not open (clients cannot modify it on their own). This scheme can only work on computers, and it is generally used more in local area networks in domain environments. The group policy configuration is shown in the figure.

two。 Based on switch port binding

The port of the switch sets IP-MAC binding. This scheme is the most stringent IP-MAC binding scheme, but requires the switch to have this function, and the configuration is more complex. Take Huawei S5700 switch as an example, the command is as follows:

3. Static IP allocation on DHCP server

Static IP allocation on the DHCP server so that the client can get the same IP address each time, and the DHCP server can be a router or a switch. Note, however, that DHCP's static address assignment does not prevent manual modification of the IP to bypass the binding. Therefore, it is generally necessary to use it in conjunction with other means, such as:

ARP binding, generally configured on the switch. Only devices that correspond to IP and MAC can surf the Internet.

Bypass Internet behavior management. After configuring the static IP, enable the "IP-MAC binding" function of the WFilter ICF Internet behavior Management Software. Once the client modifies the IP, it will be disabled from surfing the Internet. As shown in the figure:

4. IP-MAC binding of WFilter NGF

WFilterNGF and the WSG online behavior management gateway based on this system not only have the static IP allocation function of DHCP, but also can do IP-MAC verification. The functions of "static IP allocation" and "IP-MAC binding" can be implemented without other devices, and IP-mac binding across VLAN can also be performed. The configuration is as follows:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.