Mac Pinning; Chapter 34 Mac Pinning; Mac Pinning Overview; Mac Pinning Configuration - ZyXEL Communications XS3800-28 User Manual

This chapter shows you how to configure MAC pinning on the Switch.

34.1 MAC Pinning Overview

When the Switch obtains a connected device's MAC address, it adds an entry in the MAC address
forwarding table and uses the table to determine how to forward frames. In addition to the source MAC
address of a received frame, the Switch also learns the VLAN to which the device belongs and the port
on which the frame is received. If the Switch learns the same MAC address and same VLAN ID on
another port, it updates the MAC address table immediately.
MAC pinning allows you to set a port or multiple ports to have priority over other ports in MAC address
learning. That means when a MAC address (and VLAN ID) is learned on a MAC-pinning-enabled port,
the MAC address will not be learned on any other port until the aging time for the dynamically learned
MAC address in the table expires.
This helps enhance security. For example, when an attacker (A) sends packets to all connected clients
by spoofing the source MAC address of a server (B) connected to one of the Switch's ports, on which
MAC pinning is enabled, the responses from clients will still be forwarded to the server according to the
Switch's MAC forwarding table.

34.2 MAC Pinning Configuration

Use this screen to enable MAC pinning on the Switch and on specific ports. Click Advanced Application
> MAC Pinning in the navigation panel to open the following screen.
C

MAC Pinning

XS3800-28 User's Guide
361
H A P T E R
34