A question about the port security setting

KinGsman
KinGsman Posts: 7  Freshman Member
First Anniversary First Comment
edited August 2022 in Switch
Hello guys, 

Recently, I met a problem about the setting of port security. 
I used XGS4600-32 as the core switch, which connects to the Internet. 
Then I used GS2210-24 to connect to the XGS4600-32. 
To control the PC numbers to access the Internet, I enable the port security on the port connected to GS2210 and set the "limited number of learned MAC address" as 20 on XGS4600. (Because I plan to let only 20 colleagues from the department to access the Internet.)

The problem I met is that there is always 1 colleague tell me that he/she cannot access the internet. 
I have no choice but to add the "limited number of learned MAC address" as 21 and the situation doesn't happen anymore. 
I'm just curious why I have to set one more MAC number? 
Does anyone know why?

Thanks!

Comments

  • JasonTsai
    JasonTsai Posts: 104  Zyxel Employee
    First Anniversary ZCNE Nebula Level 1 Certification - 2019 Friend Collector First Comment
    edited September 2017
    Hi @KinGsman,

    Welcome to Zyxel community!

    The reason why you have this issue is the MAC address of GS2210 will be also learned in the MAC table of XGS4600.

    You may access CLI and use "show mac address-table port X".
    Or, access WebGUI and see the MAC table if there are already 20 MAC addresses and the MAC address of GS2210 is included before you change the limit number to 21.

    Hope it helps.
    Jason
  • KinGsman
    KinGsman Posts: 7  Freshman Member
    First Anniversary First Comment
    Hi Jason,

    Thanks for your reply!
    Now I know the reason! How can I forget GS2210!?
    After checking the MAC table, I found that the MAC of GS2210 is really on the MAC table.
    Thanks for help!!
  • CrazyTacos
    CrazyTacos Posts: 53  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    Interesting topic. I've learned early on to always trust the MAC address table.  :)
  • Username_is_reserved
    Username_is_reserved Posts: 106  Ally Member
    First Anniversary 10 Comments Friend Collector

    Hi

    I will buy a Handfull GS2210 and will use Port Security to.

    Cisco offer a nice feature when a unknown device is plugin the switch put that device in an guest Vlan.

    Can the GS2210 Series to? With the Zyxel iStacking can I config Vlans, Port Security in one?

    Thanks

  • Zyxel小編 Lucious
    Zyxel小編 Lucious Posts: 278  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    Hi @Username_is_reserved

    1.

    Guest VLAN is a feature can be combined with 802.1x port authentication.

    GS2210 can support it, please see attachment for some detailed info.

    2.

    Yes, you can config both VLAN and Port security in iStacking.

    Zyxel_Lucious


  • Username_is_reserved
    Username_is_reserved Posts: 106  Ally Member
    First Anniversary 10 Comments Friend Collector

    Thanks with iStacking I can configure (at least the most important) function of all 2210 at once?

    Like Vlan, Port Security think? (Like when mac adr., client,... plug in a Ethernet cable than put it into Vlan ID X)?

    Is there anythink (common) who could NOT be configured) in a mass via iStacking or is there anythink I should know before I buy it?


    I will soon start a now post with my own question about the Switch.

  • Zyxel小編 Lucious
    Zyxel小編 Lucious Posts: 278  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    Hi @Username_is_reserved


    The iStacking feature is to allow you access other member's configuration in manager's web-GUI (see image below), the configurations of members are still individual.

    As for what can be configured in iStacking, please see image in my previous reply.


    Zyxel_Lucious