Why do I get IP_MAC_Binding errors (after upgradingUSG)?

Hi, I just updated the firmware on my USG40. Afterwards some of my clients are no longer connected to network.
I found a client (on DHCP) that still was on the network that allowed me to login to USG web UI.
I found in the log for many clients the same error:  IP_MAC_Binding Drop_packet.
Not sure why as internal traffic is supposed to be wide open (LAN1 to LAN1)

All Replies

  • Zyxel_CharlieZyxel_Charlie Zyxel Official Agent Posts: 848  mod
    @tesagig
    Can I know did you configure IP/MAC binding on Lan interface?
    Can issued client get IP address?

  • Yes, I did configure IP/MAC binding.
    At least some clients were unable to obtain IP address. Only after reboot.
  • tesagigtesagig Member Posts: 7
    Seems like the clients want to check for existing MAC-IP binding, and USG is rejecting because it forgot but does not force a new IP?
  • Zyxel_CharlieZyxel_Charlie Zyxel Official Agent Posts: 848  mod
    edited May 5, 2020 1:18AM
    @tesagig
    What do you mean clients want to check for existing MAC-IP binding?(check from USG, but cannot access to GUI?)
    If forgot the IP address, you can type: Router> show ip dhcp binding, to check list from console.

  • tesagigtesagig Member Posts: 7
    clients kept IP and DHCP server (on USG) is not giving out new IP to client or is not recording existing IP-MAC binding on the network.
  • Zyxel_CharlieZyxel_Charlie Zyxel Official Agent Posts: 848  mod
    @tesagig
    What if you type “ipconfig /release” then “ipconfig /renew” in the terminal, the PC still cannot get new IP?
    Can you share what firmware version are you using?
  • tesagigtesagig Member Posts: 7
    I tried this. But IP is kept. I did some research on this and clients typically don't give up IP like this. Actually, some people have to go though great lengths to change IP (i.e. switch to static and then switch back) .

    In any case I woudl not expect to get the error after upgrading USG firmware.

  • Zyxel_CharlieZyxel_Charlie Zyxel Official Agent Posts: 848  mod
    @tesagig
    Can you private message configuration for check further?
  • FenderFender Member Posts: 1  Freshman Member
    Hi, I have the same problem with all of my zywalls on client sites. I have also configured IP/MAC binding on all lan and vlan interfaces, the problem is when you reboot the zywall after a firmware update or just a normal reboot the IP/MAC binding table is reset and empty, but all connected clients will keep their ipaddress from the zywall before the reboot. So the zywall is ingoring and blocking all those ip addreses because they are not listed anymore in de IP/MAC table. Is there a way to save the list before rebooting, or an option in zywall to retain the list?
  • Zyxel_CharlieZyxel_Charlie Zyxel Official Agent Posts: 848  mod
    @Fender
    I updated the firmware from 4.35 to 4.38, and the IP/MAC binding still exist. Can you private message the configuration for check further?
Sign In to comment.