ipmacbinding table
Use this command to configure IP and MAC address pairs in the IP/MAC binding table. You can bind multiple IP addresses to the same MAC address, but you cannot bind multiple MAC addresses to the same IP address.
To configure the IP/MAC binding settings, see “ipmacbinding setting”. To enable or disable IP/MAC binding for an individual FortiGate unit network interface, see ipmac in system interface.
If IP/MAC binding is enabled, and the IP address of a host with an IP or MAC address in the IP/MAC table is changed, or a new computer is added to the network, update the IP/MAC table. If you do not update the IP/MAC binding list, the new or changed hosts will not have access to or through the FortiGate unit.
If a client receives an IP address from the FortiGate unit’s DHCP server, the client’s MAC address is automatically registered in the IP/MAC binding table. This can simplify IP/MAC binding configuration, but can also neutralize protection offered by IP/MAC binding if untrusted hosts are allowed to access the DHCP server. Use caution when enabling and providing access to the DHCP server.
config firewall ipmacbinding table
    edit <index_int>
        set ip <address_ipv4>
        set mac <address_hex>
        set name <name_str>
        set status {enable | disable}
    next
end
edit <index_int>
Enter the unique ID number of this IP/MAC pair.
No default.
ip <address_ipv4>
Enter the IP address to bind to the MAC address.
To allow all packets with the MAC address, regardless of the IP address, set the IP address to
mac <address_hex>
Enter the MAC address.
To allow all packets with the IP address, regardless of the MAC address, set the MAC address to 00:00:00:00:00:00.
name <name_str>
Enter a name for this entry on the IP/MAC address table. (Optional.)
status {enable | disable}
Select to enable this IP/MAC address pair.
Packets not matching any IP/MAC binding will be dropped. Packets matching an IP/MAC binding will be matched against the firewall policy list.
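The following audit script is an added example, not part of the Fortinet documentation. It parses an `ipmacbinding table` block and reports entries that break the one-MAC-per-IP rule or that weaken the binding with the wildcard MAC described above. The sample configuration is constructed, and treating an entry without `set status enable` as inactive is an assumption.

```python
from collections import defaultdict

WILDCARD_MAC = "00:00:00:00:00:00"  # per the page: allows the IP with any MAC
# Constructed sample table (documentation-range IPs, made-up MACs).
SAMPLE = """\
config firewall ipmacbinding table
    edit 1
        set ip 192.0.2.10
        set mac 02:00:00:00:00:01
        set status enable
    next
    edit 2
        set ip 192.0.2.10
        set mac 02:00:00:00:00:02
        set status enable
    next
    edit 3
        set ip 192.0.2.20
        set mac 00:00:00:00:00:00
        set status enable
    next
end
"""

def parse_table(text):
    """Map entry index -> its 'set' values (ip, mac, name, status)."""
    entries, current = {}, None
    for words in map(str.split, text.splitlines()):
        if len(words) == 2 and words[0] == "edit":
            current = entries.setdefault(int(words[1]), {})
        elif len(words) >= 3 and words[0] == "set" and current is not None:
            current[words[1]] = " ".join(words[2:]).strip('"').lower()
    return entries

def audit(entries):
    """List entries that conflict with or weaken the binding rules."""
    findings, macs_by_ip = [], defaultdict(set)
    for idx, e in sorted(entries.items()):
        if e.get("status") != "enable":  # assumption: unset means inactive
            findings.append(f"entry {idx}: not enabled")
        elif e.get("mac") == WILDCARD_MAC:
            findings.append(f"entry {idx}: wildcard MAC for {e.get('ip', '?')}")
        else:
            macs_by_ip[e.get("ip", "?")].add(e.get("mac"))
    for ip, macs in sorted(macs_by_ip.items()):
        if len(macs) > 1:  # several IPs per MAC is allowed, the reverse is not
            findings.append(f"{ip}: multiple MACs {sorted(macs)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_table(SAMPLE))))
```

Run it against a saved copy of the table after DHCP clients have been auto-registered to review which pairs were added without an administrator's decision.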