ZyXEL VES-1616/24FA-5x Series Support Notes
All contents copyright 2008 ZyXEL Communications Corporation.
96
Switching security
MAC Limit
As an added protection against network intrusion attacks, ZyXEL has
implemented the MAC limit feature on VES-1616FA-54. Security has been the
main focus of our switch design. With the MAC limit feature enabled, dynamic
MAC addresses on specified ports are stored in the static MAC address table. At
the same time, MAC address learning is disabled on these ports thus denying
network access for computers within unknown MAC addresses.
Without the MAC limit function, any computer can access the network through a
switch port. The port automatically learns the computer’s MAC address and stores
it to the MAC address table.
Activate the MAC limit function on a port by entering the
port-security [port number]
command in the CLI.
The following figure shows an example where the MAC limit feature is enabled on
port 6. And port 6 only can dynamic learn 64 MAC addresses.
After you enabled MAC limit on the port 6 using the CLI command, the switch
automatically disables MAC address learning on that port. Display the Port
Security screen to verify this.
