Network Security - Zyxel Community

How to implement Compound Authentication with Dynamic VLAN Assignment?
Dynamic VLAN Assignment separates and isolates devices into different network segments based on the device or user authorization and their characteristics. Scenario and Topology Configuration The following steps are applicable for switches supporting compound authentication. MAC authentication + Dynamic VLAN assignment is…
How to configure port security to disable dynamic MAC learning and allow access to particular device
The port security feature allows user to limit the number of connected devices by limiting the number of dynamic MAC address that can be learned on the port. However, there are scenarios that we would like only certain trusted/known devices that can have access, but block any unknown “rogue” devices. Let’s say in a small…
How to use ACL to mirror traffic of a specific criteria
The port mirroring feature allows user to duplicate a traffic flow to the monitor port in order to examine/monitor the traffic from the monitor port without interference. It’s useful for troubleshooting or scenarios involving supervisory control. However, there are some cases that monitor port somehow receives numbers of…
How to Separate Traffic through L2 Port Isolation
It’s a common application that we desire to separate or isolate the mutual traffic between various clients/devices on switches in a network environment. The most intuitive implementation is to create different VLANs to logically segment a LAN into different broadcast domains to achieve the goal. However, there are certain…
How to configure the switch & RADIUS server to implement 802.1x Port-auth w/ Dynamic VLAN Assignment
Zyxel switch models support 802.1x Port Authentication that forces hosts to submit valid user credentials to be authenticated by an authentication server (In this case would be RADIUS Server) before their traffic can be forwarded across the switch. Dynamic VLAN Assignment, a variation of Port Authentication, allows host…
How to configure a whitelist for remote management to prevent unauthorized access
The example shows administrators how to configure a whitelist for host devices that prevents attempted access from unauthorized devices or subnets. The whitelist inspects the source IP addresses of hosts and the types of services accessing the switch (Ex: Telnet, FTP, HTTP…..). Note: All network IP addresses and subnet…
How to change the default administrator password
The example shows administrators how to change the default administrator password used for management access. Failure to change the default administrator password is a security risk that allows unauthorized user access to your device’s management. Note: All network IP addresses and subnet masks are used as examples in this…
How to configure ACL to block unwanted traffic
The example shows administrators how to use ACL to block unwanted traffic. We can set different criteria to identify unwanted traffic. The example will use ACL to prevent only a single host in VLAN 10 from accessing the Server. Note: All network IP addresses and subnet masks are used as examples in this article. Please…
How to configure IPSG static binding for trusted network devices
This example will instruct the administrator on how to configure the switch to allow an administrator device to use a static IP address on the access port even while ARP Inspection in enabled. This allows the administrator device more freedom and take advantage of IP-specific policies configured on the network while…
How to protect switches against rogue DHCP servers?
This example will instruct the administrator on how to configure the switch to protect the network from attackers sending false IP configurations to clients. DHCP Snooping blocks DHCP offers coming from an untrusted port. Untrusted ports are usually ports connected to office workstations or publicly accessible jacks. Note:…
How to configure the switch to prevent ARP spoofing
This example will instruct the administrator on how to configure the switch to protect the network from attackers using the same IP Addresses of core network components (ex. servers or gateways). ARP Spoofing is a type of attack that can cause either denial of services or an unwanted man-in-the-middle receiving sensitive…
How to configure the switch and RADIUS server to provide network access through device's MAC address
This example will instruct the administrator on how to configure the switch to provide access to machines with specific MAC addresses. With MAC Authentication, the organization can ensure that only devices provided by the organization can access internal resources. Note: All network IP addresses and subnet masks are used…
How to configure the switch to send unauthorized users in a Guest VLAN
The example shows administrators how to use Guest VLAN for users that fails or used an invalid user credential during 802.1x port authentication. In a real application, we may need to allow guests to access the USG so that they can access the Internet, but still isolated from Private-Server. On the contrary, we have to…
How to configure the switch and RADIUS Server to provide network access through 802.1x Port-Auth
This example will instruct the administrator on how to configure the switch to provide access to machines that provides valid user credentials. With 802.1x Port Authentication, the organization can ensure that only authorized personnel can access core network resources. Note: All network IP addresses and subnet masks are…
How to configure the switch to prevent IP scanning
In this example, we will use Anti-ARP Scan to prevent attackers from identifying all network devices in the local area network. ARP Scanning is a method by which attackers send multiple ARP request packets in a very short period of time to flood across the entire broadcast domain. Note: All network IP addresses and subnet…
How to configure MAC filter to block unwanted traffic
The example shows administrators how to configure MAC filter to block unwanted traffic. In this example, Switch-1 will block traffic based on which device sends the packet or which device receives the packet. Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your…
How to configure port security to limit the number of connected devices
The example shows administrators how to configure port security to limit the number of connected devices. In a real environment, port security controls the number of users connecting to a server. Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual…

Welcome!

It looks like you're new here. Sign in or register to get started.