IP and MAC address binding is usually configured in network switch or router(gateway). An effective IP-MAC binding solution needs to:
1. Be able to integrate with the DHCP server to assign static IPs to clients.
2. Have option to block or allow internet for un-bound devices.
3. Be able to do IP-MAC binding in multi-subnet networks.
In this post, I will demonstrate the “IP-MAC binding” feature in WFilter NG firewall. For IP-MAC binding in “WFilter internet content filter”, please check: “WFilter IP-MAC binding solution“.
1. IP-MAC Binding List
You can define the IP-MAC binding list in “Modules”->”Access Policy”->”IP-MAC Binding”. When listed, these devices will always be assigned with static IP addresses when using dynamic IP address.
Below options are available in the “IP-MAC binding” module:
1. For unlisted IP addresses, you can choose “Allow all”, “Block all” or “Block below IP ranges”.
2. For unlisted MAC addresses(devices), you can configure whether to assign IP address or not.
3. Multi-subnet IP-MAC binding solution
Your network is multi-subnet? No worry. With “MAC address detector”, WFilter NGF is able to retrieve MAC addresses from your core switch. So you can bind IP address with MAC address, even in a multi-subnet network.
A guide of “IP-MAC binding” in WFilter NGF can be found at: IP-MAC binding.