User's Manual
UTT Technologies Appendix B FAQ
http://www.uttglobal.com Page 407
6. IP/MAC Binding and Access Control
This section describes the characteristics of the IP/MAC binding and access control
functions, and the relationship between them. Its purpose is to help you understand both
functions so that you can use them to control and manage the Internet behaviors of the LAN
users and enhance network security.
To achieve network security management, you should first implement user identification, and
then implement user authorization. On the Device, you can use the IP/MAC binding feature to
implement user identification, and use the access control feature, through access control
rules, to control the Internet behaviors of the LAN users.
Refer to section 12.2 IP/MAC Binding for more information about IP/MAC binding; refer to
section 12.3 Firewall for more information about access control.
A. IP/MAC Binding
The Device provides the IP/MAC binding feature to implement user identification. Using the
IP/MAC address pair as a unique user identity, you can protect the Device and your network
against IP address theft, MAC address theft, IP spoofing attacks, and MAC spoofing attacks.
For non-IP/MAC binding users (i.e., the users whose IP address and MAC address are both
different from those of any IP/MAC binding), the Device allows them to access the Device
and the Internet by default. If you want to block them from accessing, clear the Allow
Undefined LAN PCs check box on the Security > IP/MAC Binding > IP/MAC Binding List page.
The IP/MAC binding feature acts only on packets initiated from the LAN hosts to the
Device or to outside hosts; it cannot act on packets within the LAN. If you change a
LAN host's IP address or MAC address, this LAN host will be unable to access the Device
or to access the Internet through the Device, but it can still communicate with the other
LAN hosts. For example, it can browse Network Neighborhood, use Windows file and printer
sharing services within the LAN, and so on.
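The decision described in this subsection, modelled in Python as an added example. It is not the Device's own code; the function names, return labels and the sample binding list are assumptions constructed for illustration, and a host that matches only one half of a binding is treated as blocked, following the paragraph above.

```python
import ipaddress

# Constructed sample binding list (IP, MAC); not taken from the manual.
BINDINGS = [
    ("192.168.1.10", "00:11:22:33:44:55"),
    ("192.168.1.11", "00:11:22:33:44:66"),
]

def _mac(mac):
    """Normalize a MAC so '00-11-..' and '00:11:..' compare equal."""
    return mac.replace(":", "").replace("-", "").lower()

def classify(ip, mac, bindings):
    """Return 'bound', 'mismatch' or 'undefined' for a source IP/MAC pair."""
    ip, mac = ipaddress.ip_address(ip), _mac(mac)
    partial = False
    for b_ip, b_mac in bindings:
        ip_hit = ipaddress.ip_address(b_ip) == ip
        mac_hit = _mac(b_mac) == mac
        if ip_hit and mac_hit:
            return "bound"          # exact pair: identified user
        partial = partial or ip_hit or mac_hit
    # Only one half matched some binding: a changed or spoofed address.
    return "mismatch" if partial else "undefined"

def decide(ip, mac, bindings, allow_undefined=True, to_lan_peer=False):
    """Return 'allow', 'drop' or 'not-inspected' for one packet."""
    if to_lan_peer:
        # Traffic between LAN hosts does not pass through the binding check.
        return "not-inspected"
    state = classify(ip, mac, bindings)
    if state == "bound":
        return "allow"
    if state == "undefined":
        # Governed by the "Allow Undefined LAN PCs" check box.
        return "allow" if allow_undefined else "drop"
    return "drop"

if __name__ == "__main__":
    for args in [("192.168.1.10", "00-11-22-33-44-55"),
                 ("192.168.1.10", "aa:bb:cc:dd:ee:ff"),
                 ("192.168.1.50", "aa:bb:cc:dd:ee:ff")]:
        print(args, classify(*args, BINDINGS), decide(*args, BINDINGS))
```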
B. Access Control
The Device allows you to create access control rules by referencing address groups,
service groups and schedules. By default, no access control rule exists on the Device, so
the Device forwards all valid packets received by the LAN interface. After you have
enabled access control, the Device examines each packet received by the LAN
interface to determine whether to forward or drop the packet, based on the criteria you
specified in the access control rules.
C. The Relationship between Them
1) Using IP/MAC binding feature can only implement user identification, but cannot