Fortigate 300 2.8以上版本如何实现IP/Mac绑定？

liugr3988

如题\n\n[ 本帖最后由 liugr3988 于 2008-8-30 21:56 编辑 ]

liugr3988

1、在防火墙上定义对应的IP－mac对应表\r\nconfig firewall ipmacbinding table\r\n    edit 1\r\n        set ip 192.167.1.111\r\n        set mac 00:0a:eb:7c:16:05\r\n        set name \"robbie\"\r\n        set status enable\r\n    next\r\nend\r\n2、在防火墙上定义ip－mac绑定的规则\r\nconfig firewall ipmacbinding setting\r\n    set bindthroughfw enable ( 符合ip－mac绑定表允许通过防火墙，缺省生效)\r\n    set bindtofw enable      （符合ip－mac绑定表允许管理防火墙）\r\nend\r\n \r\n3、在防火墙对应的接口生效ip－mac绑定规则\r\nFortigate-60 # config sys inter\r\n(interface)# edit internal\r\n(internal)# set ipmac \r\n disable    disable setting\r\n enable     enable setting\r\n \r\n(internal)# set ipmac en\r\n(internal)# end\r\n修改主机IP，后做测试

liugr3988

:wink: IP/MAC binding on the FortiGate unit has two distinct purposes:\r\n1.        (FIREWALL) anti-spoofing \r\n2.        (DHCP) address reservation\r\nFor FortiOS v2.80\r\n•        To configure anti-spoofing IP/MAC binding for the firewall, use the CLI command config firewall ipmacbinding. \r\n•        To configure IP/MAC binding for DHCP address reservation go to System > DHCP > IP/MAC Binding or use the CLI command config system dhcp reserved-address. \r\nNote: Since there is no DHCP configuration in Transparent mode, IP/MAC binding is not displayed in the web-based manager.\r\nFor FortiOS v3.0\r\n•        To configure anti-spoofing IP/MAC binding for the firewall, use the CLI command config firewall ipmacbinding. \r\n•        To configure IP/MAC binding for DHCP address reservation use the CLI command config system dhcp reserved-address.

liugr3988

:wink:\r\n单位防火墙配置，需要用到这方面的问题，找了一个下午，没找到答案，故写出这个帖子，请求帮助，同时自己接着找。最终给找到了，为方便他人，将找到的答案写在上面。希望各位不要认为我是在作弄人。谢谢！\n\n[ 本帖最后由 liugr3988 于 2008-8-30 22:11 编辑 ]

chinaciscoccie

fortigate是nS出来的。不知道fortigate下的cli也有命令绑定的功能？