IP/MAC Binding on Flex H series
Ally Member
Hello community,
is it possible to configure IP/MAC binding as it is in the "interface" settings of the ATP GUI?
I cannot find it, nor on-premise nor in the nebula configuration
I found a more or less recent FAQ about MAC binding here but it just refers to the ATP GUI.
Thanks😜
Accepted Solution
-
So tested it out seems to work "Source IP Spoofing Prevention" where by any static IPs are blocked unless allowed by Trusted IP.
and any Reserved IP/MAC that you make static are allowed even if not in Trusted IP but with Include DHCP Leasing Entries on
1
Guru Member
All Replies
-
Hi @QuiteSmart
This feature is renamed as "IP Spoofing Prevention."
FAQ: USG FLEX H Series - Source IP Spoofing Prevention — Zyxel Community
Zyxel Melen0 -
Then you @Zyxel_Melen ,
does it work even when some mac addresses have the IP locked with DHCP reservation?
0 -
guess thats what the "Include DHCP Leasing Entries" toggle is?
unless your looking for this?
0 -
Hello @PeterUK I hope you had/are having nice vacations,
I must admit that since @Zyxel_Melen reply I still have to test it
What I would like to get is the following:
- DHCP is on that interface
- I have some devices with DHCP reservation in place (like in @PeterUK screenshot)
- In case a host connects with DHCP he is alllowed
- In case a host connects with a static IP it is banned and log alert reported
- Hosts with DHCP reservation are allowed and DHCP reservation takes place
- Eventually (since i saw something that seems alike) i can whitelist some ip addresses (in case a host presents itself with that static IP it is allowed)
It seems to me that everything can be done I just wanted to double check on the DHCP reserved hosts since AFAIK on ATP series they were not allowed in such a scenario
0 -
SO your looking for the "Enable IP/MAC Binding and DHCP Enforcement" ?
0 -
yes, sir!
0 -
So tested it out seems to work "Source IP Spoofing Prevention" where by any static IPs are blocked unless allowed by Trusted IP.
and any Reserved IP/MAC that you make static are allowed even if not in Trusted IP but with Include DHCP Leasing Entries on
1 -
your "guru member" status is well deserved, thank you mate!
0
Zyxel Employee
Categories
- All Categories
- 438 Beta Program
- 2.7K Nebula
- 188 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 451 USG FLEX H Series
- 301 Security Ideas
- 1.6K Switch
- 80 Switch Ideas
- 1.3K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 278 Service & License
- 434 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 91 Security Highlight
