IP-MAC Binding > Disabled > Still Can't Access Internet
I understand that if IP-MAC Binding an for a MAC,
any other device with other MAC that been staticly set to the same IP (the above device been off) will not able to access internet.
- now I had a IP-MAC Binding list,
- in the list some Binding were status "disabled"
- I then static set IP of other device (not in the list) to the IP in the list (but status "disabled"),
this device can't access internet ( also can't ping the router, can ping other in LAN).
1.) what does the "disabled" status in the IP-MAC Binding list for?
2.) isn't that the "disabled" in the list will deactivate the IP-Mac binding?
3.) is the IP-MAC binding for the specific IP been deactivated, is not it should able to used by other device to connected to internet?
TQ
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
you cannot ping the router?
that's why you don't get internet. gateway is not accessible. you must set something. ACL I believe
- Copy Link
- Report Inappropriate Content
@Tedd404
I had two ACL
1.) source: IPGROUP_ANY; Destination: IPGROUP_ANY; Interface: WAN1,WAN2; Effective Time: Non-office hour
2.) source: Guest; Destination: Office_Network; Interface: LAN; Effective Time: Any
i dont think the ACL cause the problem here.
2.) all my effected machine are not Guest (not in guest group), beside it can ping LAN.
1.) ACL no.1 are to block internet totally "outside office hour", all machine that match the IP-MAC binding (regardless enabled/disabled) all can access internet.
machine with IP ( MAC don't match ) that in IP-MAC Binding list ( but rule disabled ) can't access internet.
once removed the IP-MAC Binding rule ( disabled ) the machine can access internet!!
- Copy Link
- Report Inappropriate Content
do you have arp binding? remove if you have any. arp spoofing off as well
- Copy Link
- Report Inappropriate Content
@Tedd404
TQ Tedd.
Yes I had arp binding & arp spoofing on.
that's my initial question there.
in my ARP binding list, some of it, is being "Disabled" state. (not removed/deleted from the list)
I knew that when the ARP binding entry is on (Enabled),
that specific IP will bonded to the specific MAC (at the router),
all traffic from router for that IP will only delivery to that specific MAC.
But I already disabled some of the IP-MAC ARP binding list,
still those being disabled (still in the list) when get assign to new machine (new MAC),
the new machine can't get access to internet ... because of the "arp IP-Mac Binding" effect.
hence I'm to seek clarification is it that "as long as" the IP-MAC binding entry exit (despite enable or disabled) the spoofing effect will stay active?
what does the "disabled" on the IP-MAC binding list use for?
- Copy Link
- Report Inappropriate Content
It is indeed strange, normally the entry should not take effect after disable, have you solved this problem now please?
If you don't mind, provide the screenshots of the relevant configuration and I'll test it on my old ER6120 router.
- Copy Link
- Report Inappropriate Content
i mean, arp binding will create two rules: 1. arp binding 2. ip-mac binding.
you perform one creation, but you got two rules.
if you want to disable it entirely you need two rules disabled at the same time.
arp binding auto generates the ip-mac binding.
disable = inactive
if you have confirmed all of the steps, made the right moves, still got the issue, then it is a bug.
- Copy Link
- Report Inappropriate Content
@Tedd404
sorry for being absent,
Yes it does create two rules,
one on the IP- Binding page,
one on the IP Reserved page.
I had disabled both for the IP i need to do change/swap.
- Copy Link
- Report Inappropriate Content
@Virgo
Hi Virgo,
No, the problem remain unsolved.
I have to delete the rule from IP-Mac binding page (just the binding page) & the IP-reserved page just disabled,
in order to get my job done ( IP address swapping between two computer )
attached print screen of my router IP-Mac binding page & IP-reserved page..
ARP Spoofing Defense is set to "on" (active)
- Copy Link
- Report Inappropriate Content
delete the rules in both reservation and ip-mac binding. this will release the restriction. then, bind the right mac address to the IP you want to get(do the reservation). make sure there is no duplicate IP. try it out.
- Copy Link
- Report Inappropriate Content
@Tedd404
Thanks for reply Tedd.
I had this two IP swapped every two days by PS script,
hence it's not practical every time needed to went into the router admin page to remove & re-add.
disable & enable is just two clicks.
you may ask "why keep the ip-mac binding entry if it's to be keep swapping?",
it is for long holiday/weekend, when there is long holiday/weekend I'll just enable the entry.
anyway for the time being, I have to delete this two IP from binding page.
(IP reservation had no problem, can be disabled)
p/s : this two IP are always static (swap or not swap) not DHCP.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 396
Replies: 10
Voters 0
No one has voted for it yet.