Ipbound
From Wiki of WFilter NG Firewall
(Difference between revisions)
(5 intermediate revisions by one user not shown) | |||
Line 3: | Line 3: | ||
This module enables you to bind an ip address to a MAC address. Please notice: | This module enables you to bind an ip address to a MAC address. Please notice: | ||
− | * When "ip-mac binding" is enabled, WFilter NGF will assign static ip addresses to clients. | + | * When "ip-mac binding" is enabled, WFilter NGF DHCP server will assign static ip addresses to clients. |
* WFilter NGF does not act as a DHCP server when deployed as a network bridge. | * WFilter NGF does not act as a DHCP server when deployed as a network bridge. | ||
* If you have another dhcp server, for "ip-mac binding" to work properly, please modify your DHCP server to assign listed static ip addresses to clients. | * If you have another dhcp server, for "ip-mac binding" to work properly, please modify your DHCP server to assign listed static ip addresses to clients. | ||
− | * If you want to apply binding to clients connected with a three layer switch, you need to | + | * If you want to apply binding to clients connected with a three layer switch, you need to enable [[Maccd|"MAC Detector"]]. |
− | + | ||
== Settings == | == Settings == | ||
Line 13: | Line 12: | ||
[[File:Ipbound04.png|800px]] | [[File:Ipbound04.png|800px]] | ||
− | * For | + | * For ubound IPs, you can choose to: |
− | ** "Block All". No internet access for | + | ** "Block All". No internet access for ubound IP addresses. |
− | ** "Allow All". Allow internet access for | + | ** "Allow All". Allow internet access for ubound IP addresses. |
** "Block below IP". Local IP address belongs to the IP ranges will be blocked. | ** "Block below IP". Local IP address belongs to the IP ranges will be blocked. | ||
− | * For | + | * Static ARP: enable static ARP for listed IP-mac addresses. |
+ | * For ubound MAC addresses, you can set each lan subnet to assign IP address or not. | ||
** "Disable". Do not assign IP to unlisted MAC address. | ** "Disable". Do not assign IP to unlisted MAC address. | ||
** "Enable". Assign IP to unlisted MAC address. | ** "Enable". Assign IP to unlisted MAC address. | ||
+ | * Please note: because client will cache the assigned ip for a while, sometimes you can not obtain the new bound ip immediately. For example, in windows system, you need to run command "ipconfig /renew" to force dhcp renew. | ||
== IP-MAC List == | == IP-MAC List == | ||
Line 44: | Line 45: | ||
= Links = | = Links = | ||
− | * [http://blog. | + | * [http://blog.wfilterngf.com/?p=394 How to bind ip address with mac address in network?] |
Latest revision as of 12:16, 19 April 2023
Contents |
[edit] 1 IP-MAC Binding
This module enables you to bind an ip address to a MAC address. Please notice:
- When "ip-mac binding" is enabled, WFilter NGF DHCP server will assign static ip addresses to clients.
- WFilter NGF does not act as a DHCP server when deployed as a network bridge.
- If you have another dhcp server, for "ip-mac binding" to work properly, please modify your DHCP server to assign listed static ip addresses to clients.
- If you want to apply binding to clients connected with a three layer switch, you need to enable "MAC Detector".
[edit] 2 Settings
- For ubound IPs, you can choose to:
- "Block All". No internet access for ubound IP addresses.
- "Allow All". Allow internet access for ubound IP addresses.
- "Block below IP". Local IP address belongs to the IP ranges will be blocked.
- Static ARP: enable static ARP for listed IP-mac addresses.
- For ubound MAC addresses, you can set each lan subnet to assign IP address or not.
- "Disable". Do not assign IP to unlisted MAC address.
- "Enable". Assign IP to unlisted MAC address.
- Please note: because client will cache the assigned ip for a while, sometimes you can not obtain the new bound ip immediately. For example, in windows system, you need to run command "ipconfig /renew" to force dhcp renew.
[edit] 3 IP-MAC List
- Click the "state" icon, you can turn on/off the binding.
Please notice: even a binding is in "off" state, static ip address will still be assigned by WFilter's DHCP.
[edit] 4 Import & Remove
- Scan and Import: scan local ip & mac list for importing.
- Without "MAC Detector", only local ARP table will be scanned.
- With "MAC Detector" enabled, it also can import clients detected by "MAC Detector".
- Import List: import a pre-defined IP & mac list.
- Delete: delete ip-mac list