ipmacbinding table
Use this command to configure IP and MAC address pairs in the IP/MAC binding table. You can bind multiple IP addresses to the same MAC address, but you cannot bind multiple MAC addresses to the same IP address.
To configure the IP/MAC binding settings, see "ipmacbinding setting". To enable or disable IP/MAC binding for an individual FortiGate unit network interface, see ipmac in "system interface".
 
If IP/MAC binding is enabled, update the IP/MAC table whenever the IP address of a host with an IP or MAC address in the table is changed, or a new computer is added to the network. If you do not update the IP/MAC binding list, the new or changed hosts will not have access to or through the FortiGate unit.
 
If a client receives an IP address from the FortiGate unit’s DHCP server, the client’s MAC address is automatically registered in the IP/MAC binding table. This can simplify IP/MAC binding configuration, but can also neutralize protection offered by IP/MAC binding if untrusted hosts are allowed to access the DHCP server. Use caution when enabling and providing access to the DHCP server.
Syntax
config firewall ipmacbinding table
    edit <index_int>
        set ip <address_ipv4>
        set mac <address_hex>
        set name <name_str>
        set status {enable | disable}
end
| Variable | Description | Default |
| --- | --- | --- |
| `<index_int>` | Enter the unique ID number of this IP/MAC pair. | No default. |
| `ip <address_ipv4>` | Enter the IP address to bind to the MAC address. To allow all packets with the MAC address, regardless of the IP address, set the IP address to 0.0.0.0. | `0.0.0.0` |
| `mac <address_hex>` | Enter the MAC address. To allow all packets with the IP address, regardless of the MAC address, set the MAC address to 00:00:00:00:00:00. | `00:00:00:00:00:00` |
| `name <name_str>` | Enter a name for this entry on the IP/MAC address table. (Optional.) | `noname` |
| `status {enable \| disable}` | Select to enable this IP/MAC address pair. Packets not matching any IP/MAC binding will be dropped. Packets matching an IP/MAC binding will be matched against the firewall policy list. | `disable` |
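
The defaults and wildcard values above are easy to leave in place by accident. The following Python audit is an added example, not part of the FortiGate documentation: it parses a table written in the syntax above and flags entries that are disabled, use a wildcard IP or MAC, or bind one IP to a second MAC. The function names, finding labels and sample addresses are assumptions made for illustration.

```python
import re

# Constructed sample in the syntax shown on this page; all addresses are made up.
SAMPLE = """\
config firewall ipmacbinding table
edit 1
set ip 192.168.1.10
set mac 00:11:22:33:44:55
set status enable
edit 2
set ip 0.0.0.0
set mac 00:11:22:33:44:66
set status enable
edit 3
set ip 192.168.1.20
set status enable
edit 4
set ip 192.168.1.10
set mac 00:11:22:33:44:77
end
"""

DEFAULTS = {"ip": "0.0.0.0", "mac": "00:00:00:00:00:00", "status": "disable"}  # per the table

def parse_table(text):
    """Return {index: settings}, filling unset fields with the documented defaults."""
    entries, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*edit\s+(\d+)\s*$", line):
            current = entries.setdefault(int(m[1]), dict(DEFAULTS))
        elif current is not None and (m := re.match(r"\s*set\s+(ip|mac|status)\s+(.+?)\s*$", line)):
            current[m[1]] = m[2].strip('"').lower()  # lower-case so MACs compare exactly
    return entries

def audit(entries):
    """Return (index, finding) pairs for entries that weaken or conflict with the binding."""
    findings, ip_owner = [], {}
    for idx, e in sorted(entries.items()):
        if e["status"] != "enable":
            findings.append((idx, "disabled"))
        if e["ip"] == DEFAULTS["ip"]:
            findings.append((idx, "wildcard-ip"))  # any IP accepted for this MAC
        elif e["mac"] != ip_owner.setdefault(e["ip"], e["mac"]):
            findings.append((idx, "ip-bound-to-second-mac"))  # one IP, two MACs
        if e["mac"] == DEFAULTS["mac"]:
            findings.append((idx, "wildcard-mac"))  # any MAC accepted for this IP
    return findings

if __name__ == "__main__":
    print(audit(parse_table(SAMPLE)))
```

Entry 3 in the sample never sets a MAC, so it inherits the all-zero default and is reported as a wildcard; entry 4 never sets a status, so it is reported as disabled.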