Ip-Mac-Port Binding (Impb); Impb Global Settings - D-Link DGS-3000 Series Reference Manual

BadAuthenticators
PendingRequests
Timeouts
UnknownTypes
PacketsDropped
Click the Clear button to clear the current statistics shown.

IP-MAC-Port Binding (IMPB)

The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these
two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC-port
binding is to restrict the access to a Switch to a number of authorized users. Authorized clients can access a Switch's
port by either checking the pair of IP-MAC addresses with the pre-configured database or if DHCP snooping has been
enabled in which case the Switch will automatically learn the IP/MAC pairs by snooping DHCP packets and saving
them to the IMPB white list. If an unauthorized user tries to access an IP-MAC binding enabled port, the system will
block the access by dropping its packet. For the Switch, active and inactive entries use the same database. The
maximum number of entries that can be created is 510, by which only a maximum of 255 entries can be active at any
given time. The creation of authorized users can be manually configured by CLI or Web. The function is port-based,
meaning a user can enable or disable the function on the individual port.

IMPB Global Settings

Users can enable or disable the Trap/Log State and DHCP Snoop state on the Switch. The Trap/Log field will enable
and disable the sending of trap/log messages for IP-MAC-port binding. When enabled, the Switch will send a trap
message to the SNMP agent and the Switch log when an ARP packet is received that doesn't match the IP-MAC-port
binding configuration set on the Switch.
To view this window, click Security > IP-MAC-Port Binding (IMPB) > IMPB Global Settings as shown below:
The fields that can be configured are described below:
DGS-3000 Series Gigabit Ethernet Switch Web UI Reference Guide
The number of RADIUS Accounting-Response packets, which contained invalid
authenticators, received from this server.
The number of RADIUS Accounting-Request packets sent to this server that have not yet
timed out or received a response. This variable is incremented when an Accounting-
Request is sent and decremented due to receipt of an Accounting-Response, a timeout
or a retransmission.
The number of accounting timeouts to this server. After a timeout the client may retry to
the same server, send to a different server, or give up. A retry to the same server is
counted as a retransmit as well as a timeout. A send to a different server is counted as
an Accounting-Request as well as a timeout.
The number of RADIUS packets of unknown type which were received from this server
on the accounting port.
The number of RADIUS packets, which were received from this server on the accounting
port and dropped for some other reason.
Figure 8-26 IMPB Global Settings
224