error number: -4008 Static host have reached the maximum number

piopiopio
piopiopio Posts: 3
First Comment
edited April 2021 in Security
Hey,

I have a problem configuring the ZyWALL USG 50. All the Wifi users are added to the IPMAC Binding and then by the IP addresses added to Object groups granting either only local access or also WAN. I have 102 bindings and when I trying to add another one I am receiving an error:

'CLI Number: 16
Error Number: -4008
Error Message: 'Static host have reached the maximum number.'

 The interface IP is 192.168.20.20 (255:255:255:0).
DHCP pool start addresss is 192.168.20.130, pool size: 126.

What can be the problem here?

Comments

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @piopiopio,
    The error message indicated that the IP-mac binding list reach the maximum number, so that it is unable to add new static host.
    Please try to reduce the IP-Mac static binding list.
  • piopiopio
    piopiopio Posts: 3
    First Comment
    Is there a limit of static bindings per interface? I can find that information anywhere. 

    It is hard for me to reduce the binding list - I have all the network users added as objects so that I am able to restrict their permissions (access to WAN, file server, SharePoint ...).

    In order to do that I have to add every client (MAC) to the binding list to get a static IP. 

    Or maybe there is some other way to do that?

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited June 2018
    Hi @piopiopio,
    It’s total amount, not per interface, if your static binding list amount reach this model limitation, I would suggest to use USG-110(it can up to 256).
  • piopiopio
    piopiopio Posts: 3
    First Comment
    Thank you for your help.

    As far as I know there is no mac filter on USG-50. Is there any other way to group clients or deny/allow access to clients based on their mac address? It will be more than 100 clients so  IP/MAC binding won't do the job. 
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @piopiopio,
    It is unable to group clients by their mac address at current design.

Security Highlight