ZyXEL

VES-1616/24FA-5x Series Support Notes

Switching security

MAC Limit

As an added protection against network intrusion attacks, ZyXEL has implemented the MAC limit feature on the VES-1616FA-54. Security has been the main focus of our switch design. With the MAC limit feature enabled, dynamic MAC addresses on the specified ports are stored in the static MAC address table. At the same time, MAC address learning is disabled on these ports, which denies network access to computers with unknown MAC addresses.

Without the MAC limit function, any computer can access the network through a switch port. The port automatically learns the computer’s MAC address and stores it in the MAC address table.

Activate the MAC limit function on a port by entering the port-security [port number] command in the CLI.

The following figure shows an example where the MAC limit feature is enabled on port 6. Port 6 can dynamically learn only 64 MAC addresses.

After you enable MAC limit on port 6 using the CLI command, the switch automatically disables MAC address learning on that port. Display the Port Security screen to verify this.
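
The port behaviour described above, modelled as an added example (not ZyXEL's code and not part of the original manual). The `Port` class and its names are hypothetical, the MAC addresses are constructed, and the model assumes a limited port stores addresses until its limit is reached and then denies unknown ones.

```python
# Added illustration: a model of the described port behaviour, not switch firmware.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Port:
    number: int
    mac_limit: Optional[int] = None            # None = MAC limit not enabled
    table: set = field(default_factory=set)    # addresses stored for this port

    def ingress(self, src_mac: str) -> str:
        """Return 'forward' or 'drop' for a frame arriving with src_mac."""
        mac = src_mac.lower().replace("-", ":")
        if mac in self.table:
            return "forward"                   # address already stored
        if self.mac_limit is None:
            self.table.add(mac)                # no limit: every new address is learned
            return "forward"
        if len(self.table) < self.mac_limit:
            self.table.add(mac)                # assumption: store until the limit is reached
            return "forward"
        return "drop"                          # limit reached: unknown address is denied


def constructed_macs(count: int) -> list:
    """Constructed, locally administered sample addresses (count <= 256)."""
    return [f"02:00:00:00:00:{i:02x}" for i in range(count)]


def replay(port: Port, macs: list) -> list:
    """Feed one frame per source address to the port and collect the decisions."""
    return [port.ingress(mac) for mac in macs]


if __name__ == "__main__":
    hosts = constructed_macs(65)               # 64 expected hosts plus one extra
    limited = Port(number=6, mac_limit=64)     # port 6 with the limit of 64 from the text
    open_port = Port(number=7)                 # hypothetical port without MAC limit

    for port in (limited, open_port):
        decisions = replay(port, hosts)
        print(f"port {port.number}: stored={len(port.table)} "
              f"65th host={decisions[-1]} known host={port.ingress(hosts[0])}")
```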

All contents copyright 2008 ZyXEL Communications Corporation.
