Switching security mac freeze – ZyXEL Communications ZyXEL Dimension ES-3124-4F User Manual

ES-3100 Series Switch Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.

90

Switching security

MAC freeze

As an added protection against network intrusion attacks, ZyXEL has
implemented the MAC Freeze feature on ES-2108 Series, ES-3124, ES-2024,
ES-3100 Series and ES-4024A. Security has been the focus of our Ethernet
switch design. This feature will also be available for GS-4024, GS-4012F,
GS-3012 Series, GS-2024 and new switch models in future firmware releases.

With the MAC freeze feature enabled, dynamic MAC addresses on specified
ports are stored in the static MAC address table. At the same time, MAC
address learning is disabled on these ports thus denying network access for
computers within unknown MAC addresses.
Without the MAC freeze function, any computer can access the network
through a switch port. The port automatically learns the computer’s MAC
address and stores that to the MAC address table.

Activate the MAC freeze function on a port by entering the

port-security [port

number] MAC-freeze

command in the CLI.

The following figure shows an example where the MAC freeze feature is
enabled on port 6. The switch automatically copies all dynamically learnt MAC
address on port 6 to the static MAC address.

Figure 1: Enable MAC Freeze Example