Mac Pinning; Chapter 31 Mac Pinning; Mac Pinning Overview; Mac Pinning Configuration - ZyXEL Communications GS3700 Series User Manual

This chapter shows you how to configure MAC pinning on the Switch.

31.1 MAC Pinning Overview

When the Switch obtains a connected device's MAC address, it adds an entry in the MAC address
forwarding table and uses the table to determine how to forward frames. In addition to the source
MAC address of a received frame, the Switch also learns the VLAN to which the device belongs and
the port on which the frame is received. If the Switch learns the same MAC address and same VLAN
ID on another port, it updates the MAC address table immediately.
MAC pinning allows you to set a port or multiple ports to have priority over other ports in MAC
address learning. That means when a MAC address (and VLAN ID) is learned on a MAC-pinning-
enabled port, the MAC address will not be learned on any other port until the aging time for the
dynamically learned MAC address in the table expires.
This helps enhance security. For example, when an attacker (A) sends packets to all connected
clients by spoofing the source MAC address of a server (B) connected to one of the Switch's ports,
on which MAC pinning is enabled, the responses from clients will still be forwarded to the server
according to the Switch's MAC forwarding table.
[MAC x, VLAN y]

31.2 MAC Pinning Configuration

Use this screen to enable MAC pinning on the Switch and on specific ports. Click Advanced
Application > MAC Pinning in the navigation panel to open the following screen.
B
GS3700/XGS3700 Series User's Guide
C
HAPTER

MAC Pinning

A
[MAC x, VLAN y]
263
3 1