How to configure port security to limit the number of connected devices
Zyxel Employee
The example shows administrators how to configure port security to limit the number of connected devices. In a real environment, port security controls the number of users connecting to a server.
Note:
All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks.
1. Configure Switch-1
Enter web GUI and go to Menu > Advanced Application > Port Security. Check port 3 and set the “Limited Number of Learned MAC Address” to 2.
Note:
The Zyxel switch sends Link Layer Discovery Protocol (LLDP) packets every period of time by default. If Switch-2 does not support LLDP or is disabled, Limited Number of Learned MAC Address can be set to 1. Otherwise, set this to 2.
2. Test the Result
2-1. PC-1 can ping Server successfully.
2-2. Connect PC-2 to port 2.
2-3. PC-2 cannot ping Server.
2-4. Access Switch-1 web GUI. Go to Menu > Management > MAC Table > Search. The MAC Address Table should show MAC address of PC-1 (and Switch-2), but not the MAC address of PC-2.
3. What Could Go Wrong
The MAC address of Switch-2 will also be learned in Switch-1 MAC address table. Therefore, remember to consider Switch-2’s MAC address when setting the number of Limited Number of Learned MAC Address.
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 79 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 909 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight