xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch
IP-MAC-Port Binding
The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address
types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict the access
to a switch to a number of authorized users. Only the authorized client can access the Switch’s port by checking the pair of IP-
MAC addresses with the pre-configured database. If an unauthorized user tries to access an IP-MAC binding enabled port, the
system will block the access by dropping its packet. The maximum number of IP-MAC binding entries is dependant on chip
capability (e.g. the ARP table size) and storage size of the device. For the xStack DGS-3400 Series switches, the maximum
number of IP-MAC Binding entries is 500. The creation of authorized users can be manually configured by CLI or Web. The
function is port-based, meaning a user can enable or disable the function on the individual port.
ACL Mode
89
Figure 6- 62. ACL Table – IP-MAC-Port ACL Mode Enabled
Due to some special cases that have arisen
with the IP-MAC binding, this Switch has
been equipped with a special ACL Mode for
IP-MAC Binding, which should alleviate this
problem for users. When enabled in the
IP-
MAC Binding Port
window, the Switch will
create two entries in the Access Profile Table
as shown below. The entries may only be
created if there are at least two Access Profile
IDs available on the Switch. If not, when the
ACL Mode is enabled, an error message will
be prompted to the user. When the ACL
Mode is enabled, the Switch will only accept
IP packets from a created entry in the IP-
MAC Binding Setting window. All others
will be discarded.
To view the particular configurations associated with these two entries, click their corresponding
View
button, which will display
the following:
Figure 6- 63. Access Profile Entry Display for IP-MAC ACL Mode Enabled Entries
These two entries cannot be modified or deleted using the Access Profile Table. The user may only remove these two entries by
disabling the ACL Mode in the IP-MAC Binding Port window.
Also, rules will be created for every port on the Switch. To view the ACL rule configurations set for the ACL mode, click the
corresponding modify button of the entry in the Access Profile Table, which will produce a window similar to the example to the
right. The user may view the configurations on a port-by-port basis by clicking the
View
button under the
Display
heading of the
corresponding port entry. These entries cannot be modified or deleted, and new rules cannot be added. Yet, these windows will
offer vital information to the user when configuring other access profile entries.
Figure 6- 64. Access Rule Tables for IP-MAC Binding rule
Summary of Contents for xStack DGS-3400 Series
Page 303: ...D Link D Link D Link D Link 495 744 00 99 http www dlink ru email support dlink ru...
Page 306: ......
Page 323: ......
Page 326: ......