Ip/Mac Binding; Adding Ip/Mac Binding Addresses; Enabling Ip/Mac Binding - D-Link DFL-500 User Manual

Adding a Virtual IP:

IP/MAC binding

IP/MAC binding provides added security against IP Spoofing attacks. IP Spoofing attempts to use the IP
address of a trusted computer to access the DFL-500 from a different computer. The IP address of a
computer can easily be changed to a trusted address, but MAC addresses are added to ethernet cards at the
factory and cannot easily be changed.
You can enter the IP addresses and corresponding MAC addresses of trusted computers into the DFL-500
firewall configuration. When a data packet arrives from a trusted IP address, it is checked to determine
whether the MAC address that the packet originated from matches the MAC address in the table. The DFL-
500 checks all packets arriving at the DFL-500 whether they are directed at the DFL-500 or are meant to be
passed through.
MAC addresses are only carried on the local network where they originate, and are not passed from one
network to another.
This section describes:
•

Adding IP/MAC binding addresses

•

Enabling IP/MAC binding

Adding IP/MAC binding addresses
•
Go to Firewall > IP/MAC Binding > IP MAC .
•
Click New to add an IP address/MAC address pair.
•
Click Enable to activate the IP/MAC binding pair.
Enabling IP/MAC binding
•
Go to Firewall > IP/MAC Binding > Setting .
•
Click Enable IP/MAC.
•
Select one of the following:
Allow traffic when
not defined in the
table
Deny traffic when
not defined in the
table
DFL-500 User's Manual
The DFL-500 lets traffic with a source address not found in the IP/MAC binding table pass
through the firewall. Any traffic with a source address that is defined in the IP/MAC binding
table must have the correct MAC address or it is blocked.
The DFL-500 blocks all traffic with a source address that is not found in the IP/MAC binding
table. Any traffic with a source address that is defined in the IP/MAC binding table must
have the correct MAC address or it is also blocked.
40