How to configure IPSG static binding for trusted network devices

Zyxel小編 Lucious
Zyxel小編 Lucious Posts: 277  Zyxel Employee
25 Answers First Comment Friend Collector Third Anniversary
edited July 2022 in Network Security

This example will instruct the administrator on how to configure the switch to allow an administrator device to use a static IP address on the access port even while ARP Inspection in enabled. This allows the administrator device more freedom and take advantage of IP-specific policies configured on the network while non-administrative devices must still use IP addresses offered by the real DHCP server.

Note:

All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. All UI displayed in this article are taken from the XGS4600 series switch.


1. Configuration in the Switch

1-1. Access the Switch’s Web GUI.

1-2. Configure ARP Inspection.

Note:

DHCP Snooping and ARP Inspection must be enabled when applying Static Binding.

1-3. Go to Advance Application > IP Source Guard > IPv4 Source Guard Setup > Static Binding. Create a Static Binding entry using your device’s MAC address and IP address. Input the VLAN and port that this device is allowed unrestricted access. Click Add.


2. Test the Result

2-1. Go to Advance Application > IP Source Guard. An entry with your device’s MAC Address and IP Address should appear with “Static” Type and “Infinity” Lease in the IP Source Guard Table.

2-2. Configure your Admin-PC with the Static IP address. In this example, we use “192.168.1.10”. Connect this to any access port. This PC should be able to reach the USG.

2-3. Configure another random PC with this Static IP address. In this example, we use “192.168.1.10”. This random PC should be able to reach the USG (due to a different MAC address).