D-Link DES-3852 Product Manual - Page 324
IP-MAC Binding Commands, create address_binding ip_mac ipaddress, enable address_binding acl_mode
UPC - 790069289460
View all D-Link DES-3852 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 324 highlights
xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 46 IP-MAC BINDING COMMANDS The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict the access to a switch to a number of authorized users. Only the authorized client can access the Switch's port by checking the pair of IP-MAC addresses with the pre-configured database. If an unauthorized user tries to access an IP-MAC binding enabled port, the system will block the access by dropping its packet. The maximum number of IP-MAC binding entries is dependant on chip capability (e.g. the ARP table size) and storage size of the device. For the DES-3800 series, the maximum number of IP-MAC Binding entries is 512. The creation of authorized users can be manually configured by CLI or Web. The function is port-based, meaning a user can enable or disable the function on the individual port. ACL Mode Due to some special cases that have arisen with the IP-MAC binding, this Switch has been equipped with a special ACL Mode for IP-MAC Binding, which should alleviate this problem for users. When enabled, the Switch will create two entries in the Access Profile Table. The entries may only be created if there are at least two Profile IDs available on the Switch. If not, when the ACL Mode is enabled, an error message will be prompted to the user. When the ACL Mode is enabled, the Switch will only accept packets from a created entry in the IP-MAC Binding Setting window. All others will be discarded. To configure the ACL mode, the user must first create an IP-MAC binding using the create address_binding ip_mac ipaddress command and select the mode as acl. Then the user must enable the mode by entering the enable address_binding acl_mode command. If an IP-MAC binding entry is created and the user wishes to change it to an ACL mode entry, the user may use the config address_binding ip_mac ipaddress command and select the mode as acl. NOTE: When configuring the ACL mode for the IP-MAC binding function, please pay close attention to previously set ACL entries. Since the ACL mode entries will fill the first two available access profiles and access profile IDs denoting the ACL priority, the ACL mode entries may take precedence over other configured ACL entries. This may render some userdefined ACL parameters inoperable due to the overlap of some settings combined with the ACL entry priority (defined by profile ID). For more information on ACL settings, please see "Configuring the Access Profile" section mentioned previously in this chapter. NOTE: Once ACL profiles have been created by the Switch through the IP-MAC binding function, the user cannot modify, delete or add ACL rules to these ACL mode access profile entries. Any attempt to modify, delete or add ACL rules will result in a configuration error as seen in the previous figure. NOTE: When downloading configuration files to the Switch, be aware of the ACL configurations loaded, as compared to the ACL mode access profile entries set by this function, which may cause both access profile types to experience problems. The IP-MAC Binding commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. 320