A question about the port security setting

KinGsmanKinGsman Member Posts: 5  Freshman Member
Hello guys, 

Recently, I met a problem about the setting of port security. 
I used XGS4600-32 as the core switch, which connects to the Internet. 
Then I used GS2210-24 to connect to the XGS4600-32. 
To control the PC numbers to access the Internet, I enable the port security on the port connected to GS2210 and set the "limited number of learned MAC address" as 20 on XGS4600. (Because I plan to let only 20 colleagues from the department to access the Internet.)

The problem I met is that there is always 1 colleague tell me that he/she cannot access the internet. 
I have no choice but to add the "limited number of learned MAC address" as 21 and the situation doesn't happen anymore. 
I'm just curious why I have to set one more MAC number? 
Does anyone know why?

Thanks!

Comments

  • Zyxel_JasonZyxel_Jason Zyxel Official Agent Posts: 102  mod
    edited September 26, 2017 1:24PM
    Hi @KinGsman,

    Welcome to Zyxel community!

    The reason why you have this issue is the MAC address of GS2210 will be also learned in the MAC table of XGS4600.

    You may access CLI and use "show mac address-table port X".
    Or, access WebGUI and see the MAC table if there are already 20 MAC addresses and the MAC address of GS2210 is included before you change the limit number to 21.

    Hope it helps.
    Jason
    Zyxel_Albert
  • KinGsmanKinGsman Member Posts: 5  Freshman Member
    Hi Jason,

    Thanks for your reply!
    Now I know the reason! How can I forget GS2210!?
    After checking the MAC table, I found that the MAC of GS2210 is really on the MAC table.
    Thanks for help!!
  • CrazyTacosCrazyTacos Member Posts: 53  Ally Member
    Interesting topic. I've learned early on to always trust the MAC address table.  :)
  • Username_is_reservedUsername_is_reserved Member Posts: 64  Ally Member

    Hi

    I will buy a Handfull GS2210 and will use Port Security to.

    Cisco offer a nice feature when a unknown device is plugin the switch put that device in an guest Vlan.

    Can the GS2210 Series to? With the Zyxel iStacking can I config Vlans, Port Security in one?

    Thanks

  • Zyxel_LuciousZyxel_Lucious Zyxel Official Agent Posts: 217  mod

    Hi @Username_is_reserved

    1.

    Guest VLAN is a feature can be combined with 802.1x port authentication.

    GS2210 can support it, please see attachment for some detailed info.

    2.

    Yes, you can config both VLAN and Port security in iStacking.

    Zyxel_Lucious


  • Username_is_reservedUsername_is_reserved Member Posts: 64  Ally Member

    Thanks with iStacking I can configure (at least the most important) function of all 2210 at once?

    Like Vlan, Port Security think? (Like when mac adr., client,... plug in a Ethernet cable than put it into Vlan ID X)?

    Is there anythink (common) who could NOT be configured) in a mass via iStacking or is there anythink I should know before I buy it?


    I will soon start a now post with my own question about the Switch.

  • Zyxel_LuciousZyxel_Lucious Zyxel Official Agent Posts: 217  mod

    Hi @Username_is_reserved


    The iStacking feature is to allow you access other member's configuration in manager's web-GUI (see image below), the configurations of members are still individual.

    As for what can be configured in iStacking, please see image in my previous reply.


    Zyxel_Lucious

Sign In to comment.