IP-to-policy mapping persistence (ignores MAC address)

One of the key values of adam:ONE® is the real-time device inventory that is automatically updated on the dashboard based on observed network traffic. This happens because adam:ONE® software on the router/gateway is able to inspect the ethernet header to determine the origin of a DNS request and therefore maintain an accurate picture of MAC:IP relationships and make sure that the correct policy is applied.

However, occasionally there are times when you don’t want this auto-update mechanism to take place such as these conditions:

  • when connections come in on a routed path (aka via layer 3), then the ethernet header does not contain the source MAC address
  • when IPSec connections are allocated an IP address range that is also visible via layer 2 (from the perspective of the gateway)

This is when a new feature as of version 4.11 can be used. We call it Lock IP to this device and it is a toggle option when you edit a device (Dashboard → Devices → Edit):

Unless you are certain you need this feature, it will not be necessary.

NOTE: This is NOT a DHCP reservation function