In my view, the biggest difference between them is that the IP & Mac binding is releated to the arp binding. But DHCP reservation not....;)

I asked TP-Link tech support and got a very brief cryptic response that mentioned ARP attack and saw your response which also mentioned ARP.

My previous googling for difference between lease reservation and MAC binding didn't yield anything useful, in fact after I'd posted my initial question on the forum it became the first hit in google!

Ahhh, but putting in lease reservation and ARP binding and voila! tons of hits mostly of the "Whats the difference?" variety :D

So now I'm fully clued up - what a difference a search term can make ;)

Hey, I know this is an old thread, but....

DHCP Reservations are a means for the router to always Issue the same address to that MAC address. If something else logged in and had manually set itself to that IP address while the original was offline, everything will happily direct traffic to the impostor.

IP and MAC binding say the other side of the equation. They change it in the router so that anytime someone asks for the MAC for that IP (I know you're at 192.168.0.47, what is your hardware address so I can send you a packet) the router can respond because it already knows the address of the device is supposed to be. This means that traffic for the REAL 0.47 box will get there just fine, but no traffic will be encoded to any impostor trying to use the 0.47 address. someone impersonating in this way is an example of an ARP attack. Another is for the REAL 0.47 machine to be online and working fine, but you "poison" the ARP tables on the switch by lying to the switch about your MAC or impersonating the real 0.47 machine at a different IP - this attack, which would be thwarted by something like this ARP binding, would result in the 0.47 machine sitting online but all the traffic sent to it being routed to the imposter. This second attack is often used to intercept connections and then "Man in the middle" them so that the malicious person is able to proxy everything going through that connection.

Sometimes this means that the router also only accepts the legitimate 0.47 device when it is using the IP address that is on file for it's hardware address. It really just depends on how the router works.




So, for example, DHCP reservations would be useful for making sure you always got the address you wanted and/or making sure that no one else got that address issued to them by the DHCP server. IP-to-MAC binding says that anytime someone asks for that hardware address, it will be given that IP address. And, usually, that this IP address will always have this MAC address. So, the IP-to-MAC binding is more of a security feature, while the DHCP reservation is more of a ease of use or convenience feature.