Effective Administration Domain Network IP Address
Author: China Computer Education Date: 2003.12.02 23:03 article: http://www.mailer.com.cn/article/articleprint/1328/-1/183
First, the IP address based on the firewall is bound to the MAC address. Do a good job in naming the entire LAN end user computer, specify the IP address to name your computer according to the user's category, and give the IP address. This time I look at the machine name, I know which department which machine is machine, which is easy to manage. For example, the first-year Chinese group No. 1 machine, we named "GAOYiyuwen01". At the same time, unified planning allocate IP addresses to each terminal machine, and establish an IP address assignment registration form (see Schedule). A Middle School LAN IP Address Integrated Management Registration Form
2. Counting the MAC address of each terminal machine network card, establish an IP address and MAC address corresponding table
We know that the native IP address and MAC address (Windows 98 system) can be obtained in the MS-DOS mode to type the command "Winipcfg". We can publish this method and ask related users to copy the NMA address to the network management center and make registration summary. It is also possible to set up the machine name and IP address.
Network administrators can also use the nbtstat command to remotely get the MAC address of the specified machine. Type the "NBTSTAT -A Remote Computer Name" in the MS-DOS mode, you can get the IP address and MAC address of the specified machine.
3. Bind the IP address with the MAC address
This should be used depending on the way the LAN is connected to the Internet. If you use a proxy server to access the Internet, use the command:
barp -s ip address MAC address
Example: ARP -S 192.168.1.4 00-EO-4C-6C-08-75
In this way, the static IP address 192.168.1.4 is bound to the computer address of 00-EO-4C-6C-08-75, even if others are stealing your IP address 192.168.1.4, it is not possible to pass the agent Server Internet.
If it is directly connected to the Internet via the router, it is best to implement the IP and MAC address binding by hardware firewall. The general hardware firewall has this feature, and the specific operation is also very simple.
here seems to be a lot of effort, but things are not as simple as we think. Flowering a lot of energy to build the defense line is still conflict in a month. It turns out that some end users have changed the MAC address of this machine by modifying the registry, downloading special gadgets, and has changed the MAC address of this unit, even the MAC address and IP address of this unit are exactly the same as the primary server. There is also a nickey in the LAN.
Second, the MAC address based on the switch is bound to port binding
In order to further solve this problem, the author also thought of the MAC address based on the switch and the port binding. In this way, if the end user changes the MAC address of this NMA, the machine's network access will not be implemented due to its MAC address being configured to be illegal, and naturally does not cause interference to the LAN.
Taking the Cisco 3548 switch as an example, log in into the switch, enter the management password to enter the configuration mode, and type the command:
(Config) #mac_address_table Permanent Mac address Ethernet port number
This one will be binded to the corresponding computer MAC address, saved and exit each port one by one. Other brands of switches are mostly available in the network management.
