ZyXEL Communications VES-1616 manual Switching security MAC Limit


ZyXEL

VES-1616/24FA-5x Series Support Notes

Switching security

MAC Limit

As an added protection against network intrusion attacks, ZyXEL has implemented the MAC limit feature on the VES-1616FA-54. Security has been the main focus of our switch design. With the MAC limit feature enabled, dynamic MAC addresses on specified ports are stored in the static MAC address table. At the same time, MAC address learning is disabled on these ports, thus denying network access to computers with unknown MAC addresses.

Without the MAC limit function, any computer can access the network through a switch port. The port automatically learns the computer’s MAC address and stores it in the MAC address table.

Activate the MAC limit function on a port by entering the port-security [port number] command in the CLI.

The following figure shows an example where the MAC limit feature is enabled on port 6, so that port 6 can dynamically learn only 64 MAC addresses.

After you enable MAC limit on port 6 using the CLI command, the switch automatically disables MAC address learning on that port. Display the Port Security screen to verify this.
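The following Python model is an added example, not ZyXEL firmware code or part of the original support notes. It contrasts a port without MAC limit with port 6 limited to 64 addresses; the Port class, its method names, the sample addresses, and the assumption that learning stops once the limit is reached are all illustrative.

```python
"""Simplified model of a per-port MAC limit (illustrative, not switch firmware)."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Port:
    number: int
    mac_limit: Optional[int] = None            # None = MAC limit not enabled
    table: set = field(default_factory=set)    # source MACs admitted on this port

    def learning_enabled(self) -> bool:
        # Without MAC limit the port always learns. With it, learning is
        # assumed to stop once the table holds mac_limit addresses.
        return self.mac_limit is None or len(self.table) < self.mac_limit

    def receive(self, src_mac: str) -> str:
        """Return 'forward' or 'drop' for a frame with this source MAC."""
        mac = src_mac.lower()
        if mac in self.table:
            return "forward"                   # already admitted on this port
        if self.learning_enabled():
            self.table.add(mac)                # learned and kept in the table
            return "forward"
        return "drop"                          # unknown MAC, learning disabled


def constructed_macs(count: int, prefix: str = "02:00:00:00") -> list:
    """Constructed, locally administered sample addresses (not real hosts)."""
    return [f"{prefix}:{i >> 8:02x}:{i & 0xff:02x}" for i in range(count)]


def run_demo(limit: Optional[int]):
    """Send frames from 70 distinct constructed hosts into port 6."""
    port = Port(number=6, mac_limit=limit)
    results = [port.receive(m) for m in constructed_macs(70)]
    return results.count("forward"), results.count("drop"), port


if __name__ == "__main__":
    for limit in (None, 64):
        fwd, dropped, port = run_demo(limit)
        print(f"limit={limit}: forwarded={fwd} dropped={dropped} "
              f"learning_enabled={port.learning_enabled()}")
```
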

All contents copyright 2008 ZyXEL Communications Corporation.
