Layer 3 Interfaces
IP-MAC Binding
Use IP-MAC binding to prevent ARP spoofing.
A port accepts a packet only if the source IP address and source MAC address in the packet match an entry in the
IP-MAC binding table.
You can enable or disable IP-MAC binding for the whole switch, and you can override this global setting for each
port.
Configuring IP-MAC Binding
Use the following steps to configure IP-MAC binding:
1. Configure the switch ip-mac-binding global setting.
2. Create the IP-MAC bindings. You can activate each binding individually.
3. Set each port to follow the global setting. You can also override the global setting for individual ports by enabling or
disabling IP-MAC binding for the port.
Using the CLI:
config switch global
    set ip-mac-binding [enable | disable]
end
config switch ip-mac-binding
    edit 1
        set ip <IP address and network mask>
        set mac <MAC address>
        set status (enable | disable)
    next
end
config switch interface
    edit <port>
        set ip-mac-binding (enable | disable | global)
    next
    edit <trunk name>
        set ip-mac-binding (enable | disable | global)
    next
end
Notes
For a switch port, the default IP-MAC binding value is disabled.
When you configure a trunk, the default is for the trunk to follow the global value. You can also explicitly enable or
disable IP-MAC binding for a trunk, as shown above.
When you add member ports to the trunk, all ports take on the trunk setting. If you later remove a port from the
trunk group, the port is reset to the default value (disabled).
Duplicate entries are not allowed in the mapping table.
Rules are disabled by default. You need to explicitly enable each rule.
The mapping table holds up to 1024 rules.
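The interaction of the global, port and trunk settings with the binding table can be checked against a planned configuration before it is applied. The following Python model is an added example, not FortiSwitchOS code: its function names are hypothetical, the addresses are constructed, and it assumes that a binding matches when the source IP falls inside the configured IP/mask and the MAC is equal, and that a duplicate means the same IP/mask and MAC.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES = 1024  # mapping table limit stated in the Notes

@dataclass(frozen=True)
class Binding:
    network: ipaddress.IPv4Network  # set ip <IP address and network mask>
    mac: str                        # set mac <MAC address>
    enabled: bool = False           # rules are disabled by default

def build_table(entries):
    """Build the table from (ip, mask, mac, enabled) tuples, enforcing the Notes."""
    table, seen = [], set()
    for ip, mask, mac, enabled in entries:
        b = Binding(ipaddress.IPv4Network(f"{ip}/{mask}"), mac.lower(), enabled)
        key = (b.network, b.mac)  # assumption: a duplicate is the same IP/mask and MAC
        if key in seen:
            raise ValueError(f"duplicate binding: {ip} {mac}")
        if len(table) >= MAX_RULES:
            raise ValueError("mapping table holds up to 1024 rules")
        seen.add(key)
        table.append(b)
    return table

def enforced(global_on, port_setting="disable", trunk_setting=None):
    """Resolve enable/disable/global; a trunk member takes the trunk's setting."""
    setting = port_setting if trunk_setting is None else trunk_setting
    return global_on if setting == "global" else setting == "enable"

def accepts(table, src_ip, src_mac, is_enforced):
    """Accept only if an enabled binding matches both source IP and source MAC."""
    if not is_enforced:
        return True
    ip = ipaddress.IPv4Address(src_ip)
    return any(b.enabled and ip in b.network and b.mac == src_mac.lower()
               for b in table)

# Constructed sample table (documentation addresses, made-up MACs)
TABLE = build_table([
    ("192.0.2.10", "255.255.255.255", "00:00:5E:00:53:01", True),
    ("192.0.2.20", "255.255.255.255", "00:00:5E:00:53:02", False),  # never enabled
])

if __name__ == "__main__":
    on = enforced(global_on=True, port_setting="global")
    print(accepts(TABLE, "192.0.2.10", "00:00:5e:00:53:01", on))  # bound pair
    print(accepts(TABLE, "192.0.2.10", "00:00:5e:00:53:99", on))  # wrong MAC for bound IP
    print(accepts(TABLE, "192.0.2.20", "00:00:5e:00:53:02", on))  # rule left disabled
```

With the global setting enabled, a port left at its default (disabled) still accepts every packet, which is why step 3 matters.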
FortiSwitchOS-3.2.0