ES-2024 Series Switch Support Notes
Switching security
MAC freeze
As an added protection against network intrusion attacks, ZyXEL has
implemented the MAC Freeze feature on ES-3124, ES-3124PWR, GS-2024
and ES-2024A. Security has been the focus of our Ethernet switch design.
This feature will also be available for GS-4024, GS-4012F, ES-2024A and new
switch models in future firmware releases.
With the MAC freeze feature enabled, dynamic MAC addresses on specified
ports are stored in the static MAC address table. At the same time, MAC
address learning is disabled on these ports thus denying network access for
computers within unknown MAC addresses.
Without the MAC freeze function, any computer can access the network
through a switch port. The port automatically learns the computer's MAC
address and stores that to the MAC address table.
Activate the MAC freeze function on a port by entering the
port-security [port
command in the CLI.
number] MAC-freeze
The following figure shows an example where the MAC freeze feature is
enabled on port 6. The switch automatically copies all dynamically learnt MAC
address on port 6 to the static MAC address.
Figure 1: Enable MAC Freeze Example
46
All contents copyright (c) 2006 ZyXEL Communications Corporation.