Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.6
Download PDF
Copy Link

firewall ipmacbinding table

Use this command to configure IP and MAC address pairs in the IP/MAC binding table. You can bind multiple IP addresses to the same MAC address, but you cannot bind multiple MAC addresses to the same IP address.

To configure the IP/MAC binding settings, see firewall ipmacbinding setting . To enable or disable IP/MAC binding for an individual FortiGate unit network interface, see ipmac insystem interface .

config firewall ipmacbinding table
    edit {seq-num}
    # Configure IP to MAC address pairs in the IP/MAC binding table.
        set seq-num {integer}   Entry number. range[0-4294967295]
        set ip {ipv4 address}   IPv4 address portion of the pair (format: xxx.xxx.xxx.xxx).
        set mac {mac address}   MAC address portion of the pair (format: xx:xx:xx:xx:xx:xx in hexidecimal).
        set name {string}   Name of the pair (optional, default = no name). size[35]
        set status {enable | disable}   Enable/disable this IP-mac binding pair.
    next
end

Additional information

The following section is for those options that require additional explanation.

ip

To allow all packets with the MAC address, regardless of the IP address, set the IP address to 0.0.0.0.

mac

To allow all packets with the IP address, regardless of the MAC address, set the MAC address to 00:00:00:00:00:00.

status

Packets not matching any IP/MAC binding will be dropped. Packets matching an IP/MAC binding will be matched against the firewall policy list.

firewall ipmacbinding table

Use this command to configure IP and MAC address pairs in the IP/MAC binding table. You can bind multiple IP addresses to the same MAC address, but you cannot bind multiple MAC addresses to the same IP address.

To configure the IP/MAC binding settings, see firewall ipmacbinding setting . To enable or disable IP/MAC binding for an individual FortiGate unit network interface, see ipmac insystem interface .

config firewall ipmacbinding table
    edit {seq-num}
    # Configure IP to MAC address pairs in the IP/MAC binding table.
        set seq-num {integer}   Entry number. range[0-4294967295]
        set ip {ipv4 address}   IPv4 address portion of the pair (format: xxx.xxx.xxx.xxx).
        set mac {mac address}   MAC address portion of the pair (format: xx:xx:xx:xx:xx:xx in hexidecimal).
        set name {string}   Name of the pair (optional, default = no name). size[35]
        set status {enable | disable}   Enable/disable this IP-mac binding pair.
    next
end

Additional information

The following section is for those options that require additional explanation.

ip

To allow all packets with the MAC address, regardless of the IP address, set the IP address to 0.0.0.0.

mac

To allow all packets with the IP address, regardless of the MAC address, set the MAC address to 00:00:00:00:00:00.

status

Packets not matching any IP/MAC binding will be dropped. Packets matching an IP/MAC binding will be matched against the firewall policy list.