IP Mac Port Binding

IP-MAC-Port Binding (IMPB) is a strict way to control your wired clients, protecting them from hacker attacks. Malicious users usually use ARP spoofing or a man-in-the-middle attack to change or steal important data transmitted among your network. IMPB helps to verify the correctness of network packets from authorized clients and forbid those packets that have been changed by hackers.

Each IMPB authorized client must have a valid combination of IP address, MAC address, and switch port connection. Any packet transmission on switches that does not match all these three elements will be treated as an illegal packet and dropped.

IMPB is a function that is suitable for applications that require highly secured networks, such as an ISP, government, or military.

Protected Switch Port List

When a switch port is added to the list, the port will be added to the DHCP snooping trusted port, and IPSG will be enabled on that port as well. When a switch has no port in the list, IPSG will be disabled.

IMPB Client List

IMPB client list controls the permission on all protected ports. Once an IP/MAC/Port combination has been added to the list, the corresponding switch will increase an IPSG rule locally to permit the device.

How to Configure

There are two ways to configure IP-MAC-Port Binding for clients.

If you'd like to bind an existing client, go to Manage > Clients > Wired Clients and use IMPB action to bind it (them).

If you'd like to bind clients that do not exist in the wired client list. Go to Configure > Client Access Control > IP-MAC-Port Binding, adding a switch/port that you'd like to do IMPB to the Protected Switch Port list, and then add the client to the IMPB Client List to bind it to the corresponding port.