Port Security MAC filtering on GS1900-8

frank_b_l
edited August 2022 in Switch

Hi all,

I would like to restrict one port to a list of static MAC addresses but allow at the same time that these MACs connect to any of the non-restricted ports.

I added the MACs with flag Port 1 to the static MAC table, set global port security to enabled, and enabled port security on Port 1 with Max. MAC Entry Number = 0 and Action = Discard. That works very well for Port 1, but the MACs included in the static MAC table are now refused on all other ports (other than 1). I cannot add a MAC twice in the static MAC table (with two ports) or set more than one port for a MAC entry.

Is there a way to achieve this, or does the static MAC table have the side effect that MACs are always limited / bound to one single port?

Many thanks

Frank

All Replies

  • Zyxel小編 Lucious
    Zyxel小編 Lucious Posts: 278  Zyxel Employee

    Hi @frank_b_l


    Welcome to Zyxel community!


    It's normal that when a static MAC is set on a port, other ports will refuse the MAC, because it doesn't make sense for a single MAC to exist on several ports simultaneously. This is also why you're not allowed to assign one static MAC to multiple ports.


    We're guessing your goal is to only allow certain static MACs on port 1, while not having those MACs refused on other ports.


    If that's the case, port security + static MAC is not what you seek.

    Our advanced models, like GS1920v2 or GS2210, have MAC-authentication or ACL features that can block unwanted users/traffic on particular ports based on the MAC address.

    Given the fact that the GS1900 is a rather entry-level model with simple features, we suggest using port-authentication to filter users on particular ports based on user credentials on a RADIUS server.


    Zyxel_Lucious

  • koaly
    Hi Frank,
    I had a similar problem and I could not find a solution in the manual. As you can see, Zyxel would rather sell you a more expensive device with all GUI understandable and intuitive setup.
    Nevertheless, I found a solution for the GS-1900 as well.
    The only limitation is that the whitelisted MAC will be accepted only on the port to which you assign it. It solved my problem anyway, because I needed to restrict any device (except whitelisted ones) from connecting to this port. I tried it on my GS1900-8HP and it works!