Netgear FVS318Gv2 – ProSAFE VPN Firewall Series Manual De Referência
Firewall Protection
199
NETGEAR ProSAFE VPN Firewall FVS318G v2
Set Up IP/MAC Bindings
IP/MAC binding allows you to bind an IPv4 or IPv6 address to a MAC address and the other
way around. Some computers or devices are configured with static addresses. To prevent
users from changing their static IP addresses, the IP/MAC binding feature must be enabled
on the VPN firewall. If the VPN firewall detects packets with an IP address that matches the
IP address in the IP/MAC Bindings table but does not match the related MAC address in the
IP/MAC Bindings table (or the other way around), the packets are dropped. If you enabled the
logging option for the IP/MAC binding feature, these packets are logged before they are
dropped. The VPN firewall displays the total number of dropped packets that violate either
the IP-to-MAC binding or the MAC-to-IP binding.
way around. Some computers or devices are configured with static addresses. To prevent
users from changing their static IP addresses, the IP/MAC binding feature must be enabled
on the VPN firewall. If the VPN firewall detects packets with an IP address that matches the
IP address in the IP/MAC Bindings table but does not match the related MAC address in the
IP/MAC Bindings table (or the other way around), the packets are dropped. If you enabled the
logging option for the IP/MAC binding feature, these packets are logged before they are
dropped. The VPN firewall displays the total number of dropped packets that violate either
the IP-to-MAC binding or the MAC-to-IP binding.
You can bind IP addresses to MAC addresses for DHCP assignment on the LAN Groups
screen. For more information, see
screen. For more information, see
As an example, assume that three computers on the LAN are set up as follows, and that their
IPv4 and MAC addresses are added to the IP/MAC Bindings table:
IPv4 and MAC addresses are added to the IP/MAC Bindings table:
•
Host 1. MAC address (00:01:02:03:04:05) and IP address (192.168.10.10)
•
Host 2. MAC address (00:01:02:03:04:06) and IP address (192.168.10.11)
•
Host 3. MAC address (00:01:02:03:04:07) and IP address (192.168.10.12)
Three scenarios are possible in relation to the addresses in the IP/MAC Bindings table:
•
Host 1 did not change its IP and MAC addresses. The IP and MAC addresses of a packet
coming from Host 1 match those in the IP/MAC Bindings table.
coming from Host 1 match those in the IP/MAC Bindings table.
•
Host 2 changed its MAC address to 00:01:02:03:04:09. The IP address of the packet
matches the IP address in the IP/MAC Bindings table but its MAC address does not
match the MAC address in the IP/MAC Bindings table.
matches the IP address in the IP/MAC Bindings table but its MAC address does not
match the MAC address in the IP/MAC Bindings table.
•
Host 3 changed its IP address to 192.168.10.15. The MAC address of the packet
matches the MAC address in the IP/MAC Bindings table but its IP address does not
match the IP address in the IP/MAC Bindings table.
matches the MAC address in the IP/MAC Bindings table but its IP address does not
match the IP address in the IP/MAC Bindings table.
In this example, the VPN firewall blocks the traffic coming from Host 2 and Host 3 but allows
the traffic coming from Host 1 to any external network. The total count of dropped packets is
displayed.
the traffic coming from Host 1 to any external network. The total count of dropped packets is
displayed.
IPv4/MAC Bindings
To set up a binding between a MAC address and an IPv4 address:
1.
Log in to the unit:
a. In the address field of any of the qualified web browsers, enter https://192.168.1.1.
a. In the address field of any of the qualified web browsers, enter https://192.168.1.1.
The NETGEAR Configuration Manager Login screen displays.
b. In the Username field, enter admin and in the Password / Passcode field, enter
password.
Use lowercase letters. If you changed the password, enter your personalized
password. Leave the domain as it is (geardomain).
password. Leave the domain as it is (geardomain).