Port Security MAC filtering on GS1900-8

Hi all,

I would like to restrict one port to a list of static MAC addresses but allow at the same time that these MACs connect to any of the non-restricted ports.

I added the MACs with flag Port 1 to the static MAC table, set global port security to enabled, and enabled port security on Port 1 with Max. MAC Entry Number = 0 and Action = Discard. That works very well for Port 1 but the MACs included in the static MAC table are now refused on all other ports (other than 1). I cannot add a MAC twice in the static MAC table (with two ports) or set more than one port for a MAC entry

Is there a way to achieve this or has the static MAC table the side effect that MACs are always limited / bound to one single port?

Many thanks

Frank

All Replies

  • Zyxel_LuciousZyxel_Lucious Zyxel Official Agent Posts: 217  mod

    Hi @frank_b_l


    Welcome to Zyxel community!


    It's normal when a static MAC is set on a port, other ports will refuse the MAC. Because it doesn't make sense that single MAC exists on several ports simultaneously. This is also why you're not allowed to assign one static MAC to multiple ports.


    We're guessing your goal is to only allow certain static MACs on port 1, meanwhile not letting those MACs being refused on other ports.


    If that's the case, port security+static MAC is not what you seek.

    Our advanced models like GS1920v2 or GS2210, have MAC-authentication or ACL features can block unwanted user/traffic on particular ports based on the MAC address

    Given the fact that GS1900 is rather entry-level model with simple features, we suggest using port-authentication to filter users on particular ports based on user credentials on RADIUS server.


    Zyxel_Lucious

Sign In to comment.