Vigor 2860 "Bind IP to Mac" Question

Hello all,

We have set up the router to shut down the internet at certain times, applying to the whole network with the exception of one IP address. This is done through a Firewall filter using various schedules. It cannot be done with MACs, just  IPs.

We want to prevent anyone from manually setting their machine to the allowed IP, turning off the allowed machine and then connecting during off-hours.

So the question is: if we use the "Bind IP to Mac" feature and bind that IP to the Mac of the "allowed" PC, will it then prevent any other machines from connecting with that IP if they have manually set it locally in IPV4 properties? Perhaps it would work if we stick to "Strict" filtering in the "Bind IP to Mac" settings? This is not ideal as we would have to make sure every machine is in the IP Bind list, and that means it has to be done each time a new device connects, which is impractical.

If the answer to the above is negative, are there any other solutions you might suggest?

Thanks guys, good to be here.

Leo
leo135Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
no user should be a local admin set them all as standard users.
nociSoftware EngineerCommented:
No if that machine with that specific PC is turned off. Then still someone can set his/her address to the one that is allowed through. (by NOT using the DHCP server that implements the bind ip to mac address.
(And even then, the MAC address of ANY machine is spoofable.  Very easy to do).

A better solution would be to allow a proxy server to pass through the firewall, and only allow a certain authenticated user to pass through the proxy at certain times. (that  PERSON, can pass through).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
leo135Author Commented:
This answered my question about whether it would work and the solution is worth looking into - thank you.

Unfortunately, having all users as local is ok unless someone brings in a laptop, then we have the same issue
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.