Shulou(Shulou.com)06/01 Report--

1. Why IP-mac binding?

IP-MAC binding is an important means of network management. Enabling IP-MAC binding in a LAN can bring you the following benefits:

Only the bound devices can be connected to the network, thus effectively preventing private devices.

Most of the Internet access and flow control strategies are based on IP address, so it is necessary to bind IP and MAC to better apply the Internet strategy.

To achieve effective Internet records and statistics. If not bound, then record statistics can not be effectively located to specific users.

Save IP resources and prevent IP embezzlement.

Reduce ARP***, and eliminate IP address conflicts, thereby improving the stability of the network.

Therefore, for the enterprise office local area network, the benefits of IP-MAC binding are obvious. I suggest that any conditional local area network should be bound with ip-mac, at least partially (such as office equipment binding, mobile phone equipment automatic allocation), which can effectively improve the security and stability of the network.

two。 Do you want to bind devices with wireless Internet access?

Mobile phones and other wireless devices, the default is to automatically obtain IP, and mobile phones are personal belongings, network management can not operate directly. There are two kinds of requirements here.

2.1) access to wireless devices is not restricted.

To put it simply: set a separate VLAN for the wireless device, all get the IP automatically, and set the speed limit on the wireless network segment on the gateway. In this case, there is no need for binding, and the same online behavior strategy and flow control strategy are configured for all wireless device network segments. The advantage is that it is convenient to configure and deploy, and the disadvantage is that it can only achieve one-size-fits-all management, can not control the access of wireless devices, and can not set Internet access strategy alone, and the speed and stability of wireless Internet access can not be guaranteed.

2.2) strict certification of wireless devices.

Some local area networks are so strict that only allowed devices can be accessed. In this case, you need to bind the wireless device to IP-MAC, and configure static address assignment on the DHCP (such as WFilter NGF's IP-MAC binding feature). Even if the phone is set to automatically obtain IP, you will get the same IP address every time, and there is no need to modify the configuration of the phone. The advantage of this scheme is that access is strictly controlled, Internet policies and recording statistics can be corresponding to individuals; the disadvantage is that you need to register and manage the mac address and ip address of each mobile phone, which is more troublesome to manage.

2.3) Web authentication for wireless devices.

Do not bind IP-mac, but enable "Web authentication" to manage and count based on account numbers. It is also an effective way of management. As shown in the figure:

Generally speaking, if the device has the condition to do IP-MAC binding, it is recommended to do it. If the device does not support it, you can use the scheme described in "2.1". Recommended reference: WFilter LAN IP-MAC binding scheme

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.