Справочник Пользователя для ZyXEL Communications ZLD
ZyWALL (ZLD) CLI Reference Guide
131
C
H A P T E R
1 5
IP/MAC Binding
15.1 IP/MAC Binding Overview
IP address to MAC address binding helps ensure that only the intended devices get to use privileged
IP addresses. The ZyWALL uses DHCP to assign IP addresses and records to MAC address it
assigned each IP address. The ZyWALL then checks incoming connection attempts against this list.
A user cannot manually assign another IP to his computer and use it to connect to the ZyWALL.
IP addresses. The ZyWALL uses DHCP to assign IP addresses and records to MAC address it
assigned each IP address. The ZyWALL then checks incoming connection attempts against this list.
A user cannot manually assign another IP to his computer and use it to connect to the ZyWALL.
Suppose you configure access privileges for IP address 192.168.1.27 and use static DHCP to assign
it to Tim’s computer’s MAC address of 12:34:56:78:90:AB. IP/MAC binding drops traffic from any
computer with another MAC address that tries to use IP address 192.168.1.27.
it to Tim’s computer’s MAC address of 12:34:56:78:90:AB. IP/MAC binding drops traffic from any
computer with another MAC address that tries to use IP address 192.168.1.27.
15.2 IP/MAC Binding Commands
The following table lists the ip-mac-binding commands. You must use the
configure terminal
command to enter the configuration mode before you can use these commands.
Table 64
ip-mac-binding Commands
COMMAND
DESCRIPTION
[no] ip ip-mac-binding interface_name
activate
Turns on IP/MAC binding for the specified interface. The
no
command turns
IP/MAC binding off for the specified interface.
[no] ip ip-mac-binding interface_name
log
Turns on the IP/MAC binding logs for the specified interface. The
no
command turns IP/MAC binding logs off for the specified interface.
ip ip-mac-binding exempt name start-ip
end-ip
Adds a named IP range as being exempt from IP/MAC binding.
no ip ip-mac-binding exempt name
Deletes the named IP range from the list of addresses that are exempt from
IP/MAC binding.
IP/MAC binding.
show ip ip-mac-binding interface_name
Shows whether IP/MAC binding is enabled or disabled for the specified
interface.
interface.
show ip ip-mac-binding all
Shows whether IP/MAC binding is enabled or disabled for all interfaces.
show ip ip-mac-binding status
interface_name
Displays the current IP/MAC bindings for the specified interface.
show ip ip-mac-binding status all
Displays the current IP/MAC bindings for all interfaces.
show ip ip-mac-binding exempt
Shows the current IP/MAC binding exempt list.
ip ip-mac-binding clear-drop-count
interface_name
Resets the packet drop counter for the specified interface.
debug ip ip-mac-binding activate
Turns on the IP/MAC binding debug logs.
no debug ip ip-mac-binding activate
Turns off the IP/MAC binding debug logs.