< Home

Overview of IP-MAC Binding

This section provides the definition and objective of IP-MAC address binding.

Definition

IP-MAC address binding is to establish the mapping between IP addresses and MAC addresses on the device. After receiving a packet, the device searches the IP-MAC address binding table for the corresponding MAC address based on the source IP address, and compares the bound MAC address with the actual one in the frame header. If the two MAC addresses are inconsistent, the packet is assumed as illegitimate and thus discarded.

This feature is not an IPSG feature of the switch.

Objective

IP-MAC address binding aims to prevent attacks such as IP address spoofing and ARP spoofing.

  • In IP address spoofing, an attacker uses its own MAC address but other's IP address for communications, to obtain the rights of the attacked or the packets originally sent to the attacked.
  • In ARP spoofing, an attacker uses other's MAC address to send ARP packets, thereby obtaining the packets originally sent to the attacked, or uses the MAC address of the gateway to obtain the packets sent by all hosts on the network.
Parent Topic: IP-MAC Binding
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >