Manualshelf

User's Manual

ManualsBrandsSHANGHAI UTT TECHNOLOGIES ManualsElectronicsRouter
321322323324325326327328329330
UTT Technologies Chapter 12 Security
http://www.uttglobal.com Page 313
12.2 IP/MAC Binding
This section describes the Security > IP/MAC Binding page.
12.2.1 Introduction to IP/MAC Binding
12.2.1.1 IP/MAC Overview
To achieve network security management, you should firstly implement user identification, and
then you should implement user authorization.
Section 12.3 Security > Firewall
describes
how to configure and use access control rules to control the Internet behaviors of the LAN
users. In this section, we will describe how to implement user identification.
The Device provides IP/MAC binding feature to implement user identification. Using the
IP/MAC address pair as a unique user identity, you can protect the Device and your network
against IP spoofing attacks. IP spoofing attack refers to that a host attempts to use another
trusted hosts IP address to connect to or pass through the Device. The hosts IP address can
easily be changed to a trusted address, but MAC address cannot easily be changed as it is
added to the Ethernet card at the factory.
The IP/MAC binding feature allows you to add the IP and MAC address pairs of trusted
LAN hosts in the IP/MAC Binding List. Note that in the IP/MAC Binding List, you can
allow or block Internet access for each IP/MAC binding user. After you have added a LAN
users IP and MAC address pair into the IP/MAC Binding List, if its Allow Internet
Access check box is selected (check mark
¥ appears), it will allow the user to access the
Device and Internet, else block the user.
12.2.1.2 The Operation Principle of IP/MAC Binding
For the sake of convenience, we firstly introduce several related terms including legal user,
illegal user and undefined user.
Legal User: A legal users IP and MAC address pair matches an IP/MAC binding whose
Allow Internet Access check box is selected.
Illegal User: A illegal users IP and MAC address pair matches an IP/MAC binding whose
Allow Internet Access check box is unselected; or the IP address or MAC address is the
same with an IP/MAC bindings, but not both.