Table of Contents
Advertisement
Firewall Configuration
Using Other Tools to Control Access to the Internet
STEP 1
STEP 2
STEP 3
STEP 4
Cisco SA500 Series Security Appliances Administration Guide
Configuring IP/MAC Binding to Prevent Spoofing
You can use IP/MAC binding to allow traffic from the LAN to the WAN only when
the host has an IP address that matches a specified MAC address. By requiring the
gateway to validate the source traffic's IP address with the unique MAC address of
device, the administrator can ensure that traffic from the specified IP address is
not spoofed. In the event of a violation (the traffic's source IP address doesn't
match up with the expected MAC address having the same IP address), the
packets will be dropped and can be logged for diagnosis.
Click Firewall > MAC Filtering > IP/MAC Binding.
The IP/MAC Binding window opens.
To add an IP/MAC binding to the table, click Add.
Other options: Click the Edit button to edit an entry. To delete an entry, check the
box and then click Delete. To select all entries, check the box in the first column of
the table heading.
After you click Add or Edit, the IP MAC Binding Configuration window opens.
Enter the following information:
•
Name: Enter a name for this IP/MAC binding.
•
MAC Address: Enter the MAC address.
•
IP Address: Enter the IP address.
•
Log Dropped Packets: Choose Enable to keep a log of all packets that are
dropped as a result of this security feature. Otherwise, choose Disable.
After you enable the logging, you can view these logs by clicking
NOTE
Status on the menu bar, and then clicking View Log > View All Logs.
Click Apply to save your settings.
4
128
Hide quick links:
Advertisement
Table of Contents
