Shulou(Shulou.com)06/01 Report--

For Lans where layer 3 switches are divided into multiple VLAN, it is not easy to set up IP-MAC bindings. IP-MAC binding on layer 3 switches is not only complex to configure, but also requires a lot of maintenance, so most network managers do not bind directly on layer 3 switches. In this article, I will introduce the use of WSG Internet behavior management, in the bridge deployment mode, how to achieve IP and MAC binding under the layer 3 switch.

1. Take a look at the network topology first.

2. WSG is deployed by bridge.

After the bridge parameters are configured, they are plug and play without any modification to the existing network parameters. Existing firewalls / routers and layer 3 switches do not need to modify the configuration.

3. Turn on the MAC address collector

Because the layer 3 switch shields the mac address of the terminal, in the network environment of the layer 3 switch, it is necessary to turn on the "MAC address collector" to monitor the MAC address of the terminal.

Open in "Module"-> "other"-> "MAC address Collector". The MAC address Collector can collect terminal mac address information from layer 3 switches through SNMP protocol.

Click the test to pass.

4. Configure IP-MAC binding

You can import the online IP-MAC list directly, or you can add it in batch.

In the configuration of IP-MAC binding, select "do not surf the Internet" for the IP outside the binding list.

After the above configuration, IP-MAC binding across network segments can be realized. WSG's IP-MAC binding is based on packet-grabbing analysis of network data, and Internet access is prohibited as long as it does not meet the configuration of IP-MAC binding. Even if the client modifies the IP, it cannot be broken.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.