Cisco WS-CE500-24TT Administration Guide - Page 128
Configuring IP/MAC Binding to Prevent Spoofing, > MAC Filtering > IP/MAC Binding
UPC - 882658054068
View all Cisco WS-CE500-24TT manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 128 highlights
Firewall Configuration Using Other Tools to Control Access to the Internet 4 Configuring IP/MAC Binding to Prevent Spoofing You can use IP/MAC binding to allow traffic from the LAN to the WAN only when the host has an IP address that matches a specified MAC address. By requiring the gateway to validate the source traffic's IP address with the unique MAC address of device, the administrator can ensure that traffic from the specified IP address is not spoofed. In the event of a violation (the traffic's source IP address doesn't match up with the expected MAC address having the same IP address), the packets will be dropped and can be logged for diagnosis. STEP 1 Click Firewall > MAC Filtering > IP/MAC Binding. The IP/MAC Binding window opens. STEP 2 To add an IP/MAC binding to the table, click Add. Other options: Click the Edit button to edit an entry. To delete an entry, check the box and then click Delete. To select all entries, check the box in the first column of the table heading. After you click Add or Edit, the IP MAC Binding Configuration window opens. STEP 3 Enter the following information: • Name: Enter a name for this IP/MAC binding. • MAC Address: Enter the MAC address. • IP Address: Enter the IP address. • Log Dropped Packets: Choose Enable to keep a log of all packets that are dropped as a result of this security feature. Otherwise, choose Disable. NOTE After you enable the logging, you can view these logs by clicking Status on the menu bar, and then clicking View Log > View All Logs. STEP 4 Click Apply to save your settings. Cisco SA500 Series Security Appliances Administration Guide 128