A Complete Configuration Guide to IP/MAC Binding

Zyxel_Kay, Zyxel Employee

Introduction

IP/MAC binding is a powerful tool in network security, allowing only authorised devices to access the network. This feature, configurable through a firewall, provides network administrators with better control and visibility over connected devices, helping to safeguard the network from unauthorised access.

Configuration Steps

Follow these steps to configure IP/MAC binding accurately:

Step 1: Access IP/MAC Binding Settings

  1. Go to MONITOR > Network Status > DHCP Table. This page shows information about devices that have automatically acquired an IP address. Use the search function at the top to quickly locate a specific device.
  2. Select the desired device:
    • Reserve: Permanently binds the IP to this MAC address, ensuring the device always receives the same IP.
    • Unreserve: Removes the IP/MAC association.
    • Release: Frees up the IP for reassignment to other devices.

Step 2: Add an IP/MAC Binding Rule

  1. Go to CONFIGURATION > Network > Interface.
  2. Edit the interface where you want to apply the binding rule by double-clicking on it.
  3. Enter the IP and MAC address to complete the binding (you may add a description for identification purposes).

When both IP/MAC binding and DHCP enforcement are enabled, the firewall will automatically block the following types of clients:

  1. Clients not listed in the binding table.
  2. Clients that have not received an IP address directly assigned by the firewall.

If you only want to enable IP/MAC binding without enforcement, do not select DHCP enforcement. With DHCP enforcement enabled, clients not on the binding list can still acquire an IP address automatically.

To monitor blocked clients, enable IP/MAC binding violation logs, which will create an entry in the event log for each blocked client.

Appendix - Importing an IP/MAC Binding List

For environments requiring multiple IP/MAC bindings, you can quickly import a binding list by following these steps:

Step 1: Edit the Interface IP/MAC Binding Table

  1. Go to Settings > Network > Interface.
  2. Add at least one entry to the static DHCP table.

Step 2: Use the Import Function

  1. Click Import, then Next. The firewall will export a template .csv file automatically.

Step 3: Edit the Template

  1. Edit the exported file as needed, and save it in its original CSV format.

Important Notes: Do not change the file name or the default data format. Ensure the description field does not exceed 60 characters. Valid characters include [0-9][0-2][A-Z] [()+/:=:*#@$_%门, and spaces are not allowed.

Step 4: Upload the Edited Template

Upload the updated CSV file to complete the import process.

Testing the Configuration

After completing the setup, restart or reconnect the network device to ensure it passes through the firewall as expected.

Best Practices

  • Update Regularly: Update IP/MAC binding rules when devices are changed or updated.
  • Review Periodically: Regularly review the binding list to remove invalid or unnecessary entries.
  • Add New Devices: When a new device requires network access, make sure to add its IP/MAC binding on the firewall.
  • Random MAC Addresses: Verify whether connected devices are using random MAC addresses, as this may affect IP/MAC binding.

Conclusion

Implementing IP/MAC binding can significantly strengthen your network security, reduce IP conflicts, and enhance device control. Follow these steps and adjust as needed for your specific firewall model and version.

Kay
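A pre-import check for the binding list, covering the import notes (description limit of 60 characters, no spaces) and the random MAC address best practice from the guide. This is an added example, not a Zyxel tool or part of the original post. The column names `ip`, `mac` and `description` and the sample rows are assumptions constructed for illustration; match them to the template your firewall exports.

```python
import csv
import io
import ipaddress
import re

MAX_DESC = 60  # description limit stated in the guide's import notes
MAC_RE = re.compile(r"^[0-9A-F]{2}(:[0-9A-F]{2}){5}$")

# Constructed sample data; the column names are an assumption, not the
# firewall's documented template layout.
SAMPLE_CSV = """ip,mac,description
192.168.1.10,00:11:22:33:44:55,Printer_Floor2
192.168.1.11,DA:A1:19:00:00:01,Phone_Guest
192.168.1.10,00:11:22:33:44:66,Camera_Lobby
192.168.1.12,00:11:22:33:44:77,Front desk PC
192.168.1.13,00-11-22-33-44,NAS
"""

def is_randomized(mac):
    """True if the locally administered bit (0x02 of the first octet) is set."""
    return bool(int(mac[:2], 16) & 0x02)

def lint_bindings(text):
    """Return (line_number, severity, message) findings for a binding list."""
    findings, seen_ip, seen_mac = [], {}, {}
    for n, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        ip = (row.get("ip") or "").strip()
        mac = (row.get("mac") or "").strip().upper().replace("-", ":")
        desc = row.get("description") or ""
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            findings.append((n, "error", f"invalid IPv4 address {ip!r}"))
        else:
            if ip in seen_ip:  # one IP bound to two MACs
                findings.append((n, "error", f"IP already bound on line {seen_ip[ip]}"))
            seen_ip.setdefault(ip, n)
        if not MAC_RE.match(mac):
            findings.append((n, "error", f"invalid MAC address {mac!r}"))
        else:
            if is_randomized(mac):  # binding breaks when the client rotates its MAC
                findings.append((n, "warn", "locally administered (possibly random) MAC"))
            if mac in seen_mac:
                findings.append((n, "error", f"MAC already bound on line {seen_mac[mac]}"))
            seen_mac.setdefault(mac, n)
        if len(desc) > MAX_DESC or " " in desc:
            findings.append((n, "error", "description exceeds 60 characters or contains a space"))
    return findings
```

A warning on the locally administered bit is a prompt to check the device, since some virtual interfaces also set it; disable private or random addressing on the client for that network before binding it.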
