Fortigate 300 2.8以上版本如何实现IP/Mac绑定？

liugr3988

如题

[ 本帖最后由 liugr3988 于 2008-8-30 21:56 编辑 ]

liugr3988

1、在防火墙上定义对应的IP－mac对应表
config firewall ipmacbinding table
    edit 1
        set ip 192.167.1.111
        set mac 00:0a:eb:7c:16:05
        set name "robbie"
        set status enable
    next
end
2、在防火墙上定义ip－mac绑定的规则
config firewall ipmacbinding setting
    set bindthroughfw enable ( 符合ip－mac绑定表允许通过防火墙，缺省生效)
    set bindtofw enable      （符合ip－mac绑定表允许管理防火墙）
end

3、在防火墙对应的接口生效ip－mac绑定规则
Fortigate-60 # config sys inter
(interface)# edit internal
(internal)# set ipmac
disable    disable setting
enable     enable setting

(internal)# set ipmac en
(internal)# end
修改主机IP，后做测试

liugr3988

:wink: IP/MAC binding on the FortiGate unit has two distinct purposes:
1.        (FIREWALL) anti-spoofing
2.        (DHCP) address reservation
For FortiOS v2.80
•        To configure anti-spoofing IP/MAC binding for the firewall, use the CLI command config firewall ipmacbinding.
•        To configure IP/MAC binding for DHCP address reservation go to System > DHCP > IP/MAC Binding or use the CLI command config system dhcp reserved-address.
Note: Since there is no DHCP configuration in Transparent mode, IP/MAC binding is not displayed in the web-based manager.
For FortiOS v3.0
•        To configure anti-spoofing IP/MAC binding for the firewall, use the CLI command config firewall ipmacbinding.
•        To configure IP/MAC binding for DHCP address reservation use the CLI command config system dhcp reserved-address.

liugr3988

:wink:
单位防火墙配置，需要用到这方面的问题，找了一个下午，没找到答案，故写出这个帖子，请求帮助，同时自己接着找。最终给找到了，为方便他人，将找到的答案写在上面。希望各位不要认为我是在作弄人。谢谢！

[ 本帖最后由 liugr3988 于 2008-8-30 22:11 编辑 ]

chinaciscoccie

fortigate是nS出来的。不知道fortigate下的cli也有命令绑定的功能？