Network Security - Zyxel Community

Can I configure a block client policy with many VLANs for one Nebula switch client?
No, the switch client page only allows the administrator to block the client with one policy and one VLAN. When blocking the same MAC address, the new policy replaces the previous parameter.
Use ACL to block traffic between multiple VLANs on NCC
This article guides how to use ACL to block traffic between switch VLANs. (Assume both switches have all VLAN IDs created.) A user does not want devices in VLAN 20 communicating to devices in VLAN 30 and 40. If you encounter any other issues, please help create a post here and tag @Zyxel_CSO , or create a ticket directly…
How to disable FTP on the Nebula Switch?
Go to Configure > Switch settings Enable the Access management option. The default setting is "Deny all." If you want to allow specific IP addresses to access the Nebula switch via FTP, please click "+Add allow IP range" and enter the information. Note: This not only restricts FTP access to your Nebula switch but also…
How to disable HTTP, HTTPS on the Nebula Switch?
Go to Configure > Switch settings Enable the Access management option. The default setting is "Deny all." If you want to allow specific IP addresses to access the Nebula switch via HTTP, HTTPS, please click "+Add allow IP range" and enter the information. Note: This not only restricts HTTP, HTTPS access to your Nebula…
How to disable SSH on your Nebula switch?
Go to Configure > Switch settings Enable the Access management option. The default setting is "Deny all." If you want to allow specific IP addresses to access the Nebula switch via SSH, please click "+Add allow IP range" and enter the information. Note: This not only restricts SSH access to your Nebula switch but also…
How to disable Telnet on the Nebula Switch?
Go to Configure > Switch settings Enable the Access management option. The default setting is "Deny all." If you want to allow specific IP addresses to access the Nebula switch via Telnet, please click "+Add allow IP range" and enter the information. Note: This not only restricts Telnet access to your Nebula switch but…
How to Block Local Access (HTTP, HTTPS, FTP, SSH, Telnet) on Nebula Switches
Question: Is there a way to block local access (HTTP, HTTPS, FTP, SSH, Telnet) to the nebula switches to prevent brute force attacks? Answer: * Go to Nebula, Configure > Switch settings in your network management interface. * Enable the access management option. The default setting is "deny all." This will restrict local…
How to deactivate/disable SNMP on Switch in NCC?
This guide provides a straightforward process to deactivate SNMP on the switch within the NCC platform. Steps to deactivate SNMP: 1.Login to NCC and navigate to Side-wide > Configure > Site-wide settings 2.Find the SNMP section and select Disable. 3.Click the save button to take effect. If you encounter any other issues,…
How to activate/enable SNMP on Switch in NCC?
This guide provides a straightforward process to activate SNMP on the switch within the NCC platform. Steps to activate SNMP: 1.Login to NCC and navigate to Side-wide > Configure > Site-wide settings 2.Find the SNMP section and select V1/V2c with community string entering. 3.Click the save button to take effect. If you…
Which switch models do NOT support Radius/NCAS on NCC?
Switch models such as GS1350 series, GS1915 series, and XMG1915 series do NOT support Radius and Nebula Cloud Authentication Server(NCAS). You may use the post below regarding how to check the Device Function table for other switches that support the feature. If you encounter any other issues, please help create a…
How to activate 802.1x authenticatoin on Nebula switch?
To enable 802.1x authentication on your Zyxel switch through the Nebula Control Center, follow these steps to enhance network security by controlling network access. 1. Access your account on the Nebula Control Center. 2. Choose the organization and site where the switch is located. 3. Navigate to Site-wide > Configure >…
What happen if connect a second DHCP server with DHCP Server Guard enabled in network?
After activating the DHCP Server Guard and there is an existing DHCP server in your network, an unauthorized DHCP server tries to connect, the switch will block its DHCP packets. This happens because the switch is programmed to recognize the first DHCP server that sends a DHCP packet to the switch as a preferred server. If…
Understanding and Configuring IP Source Guard in Nebula switch
Feature Introduction IP Source Guard (IPSG) is an Ethernet solution that prevents IP conflicts or IP spoofing within networks. This feature is particularly crucial in environments where network security and reliability are paramount. Its primary functions are to enable DHCP Snooping and ARP Inspection, ensuring that each…
What situations should I use Nebula BPDU Guard?
Nebula BPDU Guard is essential when you want to protect your network from unexpected changes caused by new devices joining the network. Specifically, it's used to disable the port once unauthorized devices connect to your network and send BPDU packets. When BPDU Guard is enabled on a port and it detects Bridge Protocol…
Why I add the ACL rule to allow clients access Internet but not works?
Please make sure below: The deny rule is the lowest ACL rule. The allow rule is enabled and the configurations are correct. Which means the MAC address should be your firewall/router. The MAC address mask should not be FF:FF:FF:FF:FF:FF since the clients might not be under the same port of your firewall/router. Below is an…
How to allow the clients to access the Internet when the switch deny all traffics?
Please navigate to Site-wide > Configure > Switches > ACL to set up the rules. Setup the rule to allow your DHCP server to provide a DHCP IP address. Rule 1 in below is the example. You can change the source IP address as your DHCP server and the other columns are the same. Setup the rule to allow the clients to access the…
Why my Nebula ACL cannot work properly? The traffics are blocked by switch.
If the deny all rule is the first rule, the switch will not check the other rules and discard all of traffics. Please make sure the deny rule has the lower priority.
What rule should I add with isolate rules if I want clients can access the printer in other subnets?
You don’t need to set additional ACL rules since the rule “allows to access the Internet” allows the client to access other subnets.
How to allow the clients which are isolated by ACL to access the printer in same VLAN?
Scenario: Since port isolation cannot isolate clients in different switches, users can use ACL to restrict the connection between each client. However, it causes clients not to access the server or printer in the same subnet. This FAQ will guide you on how to allow the clients to access the server or printer in the same…
How to use ACL to isolate the clients in the same VLAN but connect to different switches?
Scenario: A user might have many switches in one site and want to isolate the clients in a specific VLAN that connects to different switches. Since port isolation cannot fulfill this requirement, users can use ACL to restrict. This FAQ is going to guide you on how to set the ACL. Topology: Configuration: Please navigate to…

Welcome!

It looks like you're new here. Sign in or register to get started.