D-Link DES-3526DC Product Manual - Page 127
IP-MAC Binding, ACL Mode
View all D-Link DES-3526DC manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 127 highlights
xStack DES-3500 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual IP-MAC Binding The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict the access to a switch to a number of authorized users. Only the authorized client can access the Switch's port by checking the pair of IPMAC addresses with the pre-configured database. If an unauthorized user tries to access an IP-MAC binding enabled port, the system will block the access by dropping its packet. The maximum number of IP-MAC binding entries is dependant on chip capability (e.g. the ARP table size) and storage size of the device. For the xStack DES-3500 Series switches, the maximum number of IP-MAC Binding entries is 512. The creation of authorized users can be manually configured by CLI or Web. The function is port-based, meaning a user can enable or disable the function on the individual port. ACL Mode Due to some special cases that have arisen with the IP-MAC binding, this Switch has been equipped with a special ACL Mode for IP-MAC Binding, which should alleviate this problem for users. When enabled in the IP-MAC Binding Port window, the Switch will create two entries in the Access Profile Table as shown below. The entries may only be created if there are at least two Access Profile IDs available on the Switch. If not, when the ACL Mode is enabled, an error message will be prompted to the user. When the ACL Mode is enabled, the Switch will only accept IP packets from a created entry in the IP-MAC Binding Setting window. All others will be discarded. Figure 6- 96. Access Profile Table -IP-MAC ACL Mode Enabled To view the particular configurations associated with these two entries, click their corresponding hyperlinked Profile IDs, which will display the following: Figure 6- 97. Access Profile Entry Display for IP-MAC ACL Mode Enabled Entries These two entries cannot be modified or deleted using the Access Profile Table, and any attempt to do so will result in the following warning message: Figure 6- 98. IP-MAC ACL Mode warning 113