Home » ZyXEL Manuals » Networking » ZyXEL VES1724-56B2 » Manual Viewer

ZyXEL VES1724-56B2 User Guide - Page 192

VLAN Security, Advanced Application > MAC Limit

Add to My Manuals
Save this manual to your list of manuals

Page 192 highlights

Chapter 19 MAC Limit The following table describes the labels in this screen. Table 79 MAC Limit LABEL DESCRIPTION Active Port Select this check box to enable the MAC limit feature on the Switch. Clear the check box to disable the feature. You must enable this for the Switch to apply the MAC limit settings for individual ports. This field displays the number of the port. Use the * entry to configure settings for all of the subscriber ports. Active SLF drop SLF stands for Source MAC address Look up Fail (SLF), which means the source MAC does not exist on the Switch. Select this check box to enable the MAC limit feature on this port. The Switch only forwards packets whose source MAC addresses can be found in the MAC address table and drops the other packets. Clear this check box to have the Switch also forward the packets whose source MAC addresses do not exist in the MAC address table. MAC Spoofing Select this check box to have the Switch detect whether a MAC address is connected to more than one port. When the Switch detects a spoofed MAC address on a subscriber port, it drops all the packets from the MAC address. Address Learning MAC address learning reduces outgoing broadcast traffic. Select this to have the Switch dynamically learn MAC addresses on the port. Limited Number of Learnt MAC Address Specify how many MAC addresses the Switch can dynamically learn on this port. For example, if you set this field to "5" on port 2, then only the devices with the first five learned MAC addresses can access port 2 at any one time. A sixth device would have to wait until one of the five learned MAC addresses aged out. MAC address aging time can be set in the Basic Setting > Switch Setup screen. The valid range is from 0 to 16K (16384). "0" means this feature is disabled, so the switch will learn MAC addresses up to the global limit of 16K. 19.2.1 MAC Limit: VLAN Security Click the VLAN Security link in the Advanced Application > MAC Limit screen to display VLAN security settings as the following screen. Use this screen to limit how many MAC addresses the Switch can dynamically learn on individual VLANs. Figure 118 MAC Limit: VLAN Security The following table describes the labels in this screen. Table 80 MAC Limit: VLAN Security LABEL Active DESCRIPTION Select this to limit the number of MAC addresses the Switch can dynamically learn on individual VLANs. 192 VES1724-56 User's Guide

Section	Page
VES1724-56	1
Contents Overview	3
Table of Contents	5
User’s Guide	17
Getting to Know Your Switch	19
1.1 Introduction	19
1.2 Applications	19
1.2.1 MTU Application	19
1.2.2 Curbside Application	20
1.3 Ways to Manage the Switch	21
1.4 Good Habits for Managing the Switch	21
Hardware Installation and Connection	23
2.1 Installation Scenarios	23
2.2 Desktop Installation Procedure	23
2.3 Mounting the Switch on a Rack	24
2.3.1 Rack-mounted Installation Requirements	24
2.3.2 Attaching the Mounting Brackets to the Switch	24
2.3.3 Mounting the Switch on a Rack	25
2.4 Connecting the Frame Ground	25
Hardware Overview	26
3.1 Front Panel	26
3.1.1 Power Connector	26
3.1.2 Gigabit Ethernet Ports	27
3.1.3 Mini-GBIC Slots	28
3.1.4 Management Port	29
3.1.5 Console Port	30
3.1.6 ALARM Slot	30
3.2 LEDs	31
The Web Configurator	33
4.1 Introduction	33
4.2 System Login	33
4.3 The Port Status Screen	34
4.3.1 Change Your Password	39
4.4 Saving Your Configuration	39
4.5 Switch Lockout	39
4.6 Resetting the Switch	40
4.6.1 Reload the Configuration File	40
4.7 Logging Out of the Web Configurator	41
4.8 Help	41
Initial Setup Example	42
5.1 Overview	42
5.2 Configuring Switch Management IP Address	42
5.2.1 Creating a VLAN	43
5.2.2 Setting Port VID	44
Tutorials	46
6.1 How to Use DHCP Relay Per VLAN on the Switch	46
6.1.1 DHCP Relay Tutorial Introduction	46
6.1.2 Creating a VLAN	46
6.1.3 Configuring Management IP Address	48
6.1.4 Configuring DHCP VLAN Settings	49
6.1.5 Testing the Connection	50
Technical Reference	51
System Status and Port Statistics	53
7.1 Overview	53
7.2 Port Status Summary	53
7.2.1 VDSL Port Status Change	54
7.2.2 VDSL Port Details	55
7.2.3 Bonding Group Details	65
7.2.4 VDSL Summary	66
7.2.5 Port Details	67
Basic Setting	70
8.1 Overview	70
8.2 System Information	70
8.3 General Setup	72
8.4 Introduction to VLANs	74
8.5 Switch Setup Screen	75
8.6 IPv6 Introduction	76
8.6.1 IPv6 Addressing	76
8.6.2 IPv6 Prefix and Prefix Length	77
8.6.3 IPv6 Subnet Masking	77
8.6.4 Interface ID	77
8.6.5 Link-local Address	77
8.6.6 Global Address	77
8.6.7 Unspecified	78
8.6.8 EUI-64	78
8.6.9 Stateless Autoconfiguration	78
8.7 IP Setup	79
8.7.1 Management IP Addresses	79
8.8 External Alarm Switch	81
8.9 Port Setup	82
8.10 Rate Limit Profile Setup	84
8.10.1 Per Queue Ratelimit Profile	85
8.11 Hardware Alarm Profile	87
8.12 CPE Port Status	87
8.13 IPv6 Setup	88
8.13.1 IPv6 Setup: Configuration	90
8.13.2 IPv6 ND Setup	91
8.13.3 IPv6 Neighbor Setup	91
8.14 SFP Threshold Setup	93
VDSL Setup	97
9.1 VDSL Overview	97
9.1.1 VDSL Profile Example	101
9.1.2 Primary and Fallback VDSL Templates Example	102
9.2 VDSL Line Setup	103
9.3 VDSL Template Setup	104
9.3.1 VDSL Line Profile Setup	106
9.3.2 VDSL Line Profile Setup > Rate Adaptive	109
9.3.3 VDSL Line Profile Setup > MIB PSD Mask	111
9.3.4 VDSL Line Profile Setup > DPBO	112
9.3.5 VDSL Line Profile Setup > RFI Band	113
9.3.6 VDSL Line Profile Setup > Virtual Noise	115
9.3.7 VDSL Channel Profile Setup	116
9.3.8 VDSL G.INP Setup	118
9.3.9 VDSL INM Profile Setup	119
9.4 VDSL Alarm Template Setup	121
9.4.1 VDSL Line Alarm Profile Setup	122
9.4.2 VDSL Channel Alarm Profile Setup	124
9.5 VDSL Bonding Setup	125
VLAN	129
10.1 Introduction to IEEE 802.1Q Tagged VLANs	129
10.1.1 Forwarding Tagged and Untagged Frames	129
10.1.2 VLAN Tagging Priority	130
10.2 Automatic VLAN Registration	130
10.2.1 GARP	130
10.2.2 GVRP	130
10.3 Port VLAN Trunking	131
10.4 Select the VLAN Type	131
10.5 Static VLAN	132
10.5.1 Static VLAN Status	132
10.5.2 VLAN Details	133
10.5.3 Configure a Static VLAN	134
10.5.4 Configure a VLAN Profile	135
10.5.5 Configure VLAN Port Settings	137
10.6 Subnet Based VLANs	138
10.7 Configuring Subnet Based VLAN	139
10.8 Protocol Based VLANs	141
10.9 Configuring Protocol Based VLAN	142
10.10 Create an IP-based VLAN Example	143
10.11 Configuring MAC Based VLAN	144
10.12 Port Based VLAN Setup	146
10.12.1 Configure a Port Based VLAN	147
10.13 VLAN Counter	150
Static MAC Forward Setup	152
11.1 Overview	152
11.2 Configuring Static MAC Forwarding	152
Static Multicast Forward Setup	154
12.1 Static Multicast Forwarding Overview	154
12.2 Configuring Static Multicast Forwarding	155
Filtering	158
13.1 Configure a Filtering Rule	158
Spanning Tree Protocol	160
14.1 STP/RSTP Overview	160
14.1.1 STP Terminology	160
14.1.2 How STP Works	161
14.1.3 STP Port States	161
14.1.4 Multiple RSTP	162
14.1.5 Multiple STP	162
14.2 Spanning Tree Protocol Status Screen	165
14.3 Spanning Tree Configuration	165
14.4 Configure Rapid Spanning Tree Protocol	166
14.5 Rapid Spanning Tree Protocol Status	167
14.6 Configure Multiple Rapid Spanning Tree Protocol	168
14.7 Multiple Rapid Spanning Tree Protocol Status	170
14.8 Configure Multiple Spanning Tree Protocol	171
14.9 Multiple Spanning Tree Protocol Status	173
Broadcast Storm Control	176
15.1 Broadcast Storm Control Setup	176
Mirroring	178
16.1 Port Mirroring Setup	178
Link Aggregation	180
17.1 Link Aggregation Overview	180
17.2 Dynamic Link Aggregation	180
17.2.1 Link Aggregation ID	181
17.3 Link Aggregation Status	181
17.4 Link Aggregation Setting	182
17.5 Link Aggregation Control Protocol	183
17.6 Static Trunking Example	184
Port Authentication	186
18.1 Port Authentication Overview	186
18.1.1 IEEE 802.1x Authentication	186
18.1.2 MAC Authentication	187
18.2 Port Authentication Configuration	188
18.2.1 Activate IEEE 802.1x Security	188
18.2.2 Activate MAC Authentication	189
MAC Limit	191
19.1 MAC Limit Overview	191
19.2 MAC Limit	191
19.2.1 MAC Limit: VLAN Security	192
Classifier	194
20.1 About the Classifier and QoS	194
20.2 Configuring the Classifier	194
20.3 Viewing and Editing Classifier Configuration	197
20.4 Classifier Example	199
Policy Rule	200
21.1 Policy Rules Overview	200
21.1.1 DiffServ	200
21.1.2 DSCP and Per-Hop Behavior	200
21.2 Configuring Policy Rules	200
21.3 Policy Example	204
Queuing Method	205
22.1 Queuing Method Overview	205
22.1.1 Strictly Priority Queuing	205
22.1.2 Weighted Fair Queuing	205
22.1.3 Weighted Round Robin Scheduling (WRR)	205
22.2 Configuring Queuing	206
VLAN Stacking	208
23.1 VLAN Stacking Overview	208
23.1.1 VLAN Stacking Example	208
23.2 VLAN Stacking Port Roles	209
23.3 VLAN Tag Format	210
23.3.1 Frame Format	210
23.4 Configuring VLAN Stacking	211
23.4.1 Port-based Q-in-Q	212
23.4.2 Selective Q-in-Q	214
23.4.3 Port-based InnerQ	215
Multicast	217
24.1 Multicast Overview	217
24.1.1 IP Multicast Addresses	217
24.1.2 IGMP Filtering	217
24.1.3 IGMP Snooping	217
24.1.4 IGMP Snooping and VLANs	218
24.1.5 IGMP Proxy	218
24.1.6 Multicast Listener Discovery	218
24.1.7 MLD Messages	218
24.2 Multicast Status	219
24.3 Multicast Setting	224
24.4 IGMP Snooping VLAN	226
24.5 IGMP Filtering Profile	227
24.6 MVR Overview	229
24.6.1 Types of MVR Ports	229
24.6.2 MVR Modes	229
24.6.3 How MVR Works	229
24.7 General MVR Configuration	230
24.8 MVR Group Configuration	232
24.8.1 MVR Configuration Example	234
Authentication and Accounting	236
25.1 Authentication, Authorization and Accounting	236
25.1.1 Local User Accounts	236
25.1.2 RADIUS and TACACS+	237
25.2 Authentication and Accounting Screens	237
25.2.1 RADIUS Server Setup	237
25.2.2 TACACS+ Server Setup	240
25.2.3 Authentication and Accounting Setup	242
25.2.4 Vendor Specific Attribute	244
25.3 Supported RADIUS Attributes	245
25.3.1 Attributes Used for Authentication	245
25.3.2 Attributes Used for Accounting	246
IP Source Guard	249
26.1 IP Source Guard Overview	249
26.1.1 DHCP Snooping Overview	249
26.1.2 ARP Inspection Overview	251
26.2 IP Source Guard	253
26.3 IP Source Guard Static Binding	253
26.4 DHCP Snooping	255
26.5 DHCP Snooping Configure	257
26.5.1 DHCP Snooping Port Configure	259
26.5.2 DHCP Snooping VLAN Configure	260
26.6 ARP Inspection Status	261
26.6.1 ARP Inspection VLAN Status	263
26.6.2 ARP Inspection Log Status	264
26.7 ARP Inspection Configure	265
26.7.1 ARP Inspection Port Configure	266
26.7.2 ARP Inspection VLAN Configure	268
Loop Guard	270
27.1 Loop Guard Overview	270
27.2 Loop Guard Setup	272
CFM	274
28.1 CFM Overview	274
28.1.1 How CFM Works	274
28.2 CFM MA	275
28.3 CFM MD	277
VLAN Mapping	278
29.1 VLAN Mapping Overview	278
29.1.1 VLAN Mapping Example	278
29.2 Enabling VLAN Mapping	279
29.3 Configuring VLAN Mapping	280
Layer 2 Protocol Tunneling	282
30.1 Layer 2 Protocol Tunneling Overview	282
30.1.1 Layer 2 Protocol Tunneling Mode	283
30.2 Configuring Layer 2 Protocol Tunneling	284
DoS Prevention	286
31.1 DoS Prevention Overview	286
31.2 Configuring DoS Prevention	286
PPPoE IA	288
32.1 PPPoE Intermediate Agent Overview	288
32.1.1 PPPoE Intermediate Agent Tag Format	288
32.1.2 Sub-Option Format	289
32.1.3 PPPoE IA Configuration Options	289
32.2 The PPPoE IA Status Screen	290
32.3 PPPoE IA Port Tel Configuration	290
32.4 PPPoE IA Global Configuration	291
32.5 PPPoE IA VLAN Configuration	293
32.6 ADSL Fallback	295
32.6.1 PVC Configuration	295
32.6.2 IPPVC Configuration	297
32.6.3 PAEPVC Configuration	299
Static Route	301
33.1 Static Routing Overview	301
33.2 Configuring Static Routing	302
Differentiated Services	304
34.1 DiffServ Overview	304
34.1.1 DSCP and Per-Hop Behavior	304
34.1.2 DiffServ Network Example	304
34.2 Two Rate Three Color Marker Traffic Policing	305
34.2.1 TRTCM-Color-blind Mode	306
34.2.2 TRTCM-Color-aware Mode	306
34.3 Activating DiffServ	306
34.3.1 Configuring 2-Rate 3 Color Marker Settings	307
34.4 DSCP-to-IEEE 802.1p Priority Settings	309
34.4.1 Configuring DSCP Settings	309
DHCP	311
35.1 DHCP Overview	311
35.1.1 DHCP Modes	311
35.1.2 DHCP Configuration Options	311
35.2 DHCP Status	311
35.3 DHCP Port Tel	312
35.4 DHCP Relay	313
35.4.1 DHCP Relay Agent Information	313
35.4.2 DHCP Relay Agent Information Format	313
35.4.3 Sub-Option Format	313
35.4.4 Configuring DHCP Global Relay	314
35.4.5 Global DHCP Relay Configuration Example	317
35.5 Configuring DHCP VLAN Settings	318
35.5.1 Example: DHCP Relay for Two VLANs	320
35.6 DHCPv6 LDRA	321
35.6.1 DHCPv6 Counter	324
35.6.2 Snooping Configure	324
Maintenance	327
36.1 The Maintenance Screen	327
36.2 Firmware Upgrade	328
36.2.1 Dual Firmware Image	328
36.3 Restore a Configuration File	329
36.4 Backup a Configuration File	330
36.5 Load Factory Default	330
36.6 Save Configuration	331
36.7 Reboot System	331
36.8 FTP Command Line	331
36.8.1 Filename Conventions	331
36.8.2 FTP Command Line Procedure	332
36.8.3 GUI-based FTP Clients	333
36.8.4 FTP Restrictions	333
Access Control	334
37.1 Access Control Overview	334
37.2 The Access Control Main Screen	334
37.3 About SNMP	334
37.3.1 SNMP v3 and Security	335
37.3.2 Supported MIBs	336
37.3.3 SNMP Traps	336
37.3.4 Configuring SNMP	342
37.3.5 Configuring SNMP Trap Group	344
37.3.6 Setting Up Login Accounts	344
37.4 SSH Overview	346
37.5 How SSH works	346
37.6 SSH Implementation on the Switch	347
37.6.1 Requirements for Using SSH	347
37.7 Introduction to HTTPS	347
37.8 HTTPS Example	348
37.8.1 Internet Explorer Warning Messages	348
37.8.2 Mozilla Firefox Warning Messages	351
37.8.3 The Main Screen	352
37.9 Service Port Access Control	353
37.10 Remote Management	354
Diagnostic	356
38.1 Diagnostic	356
Syslog	358
39.1 Syslog Overview	358
39.2 Syslog Setup	359
39.3 Syslog Server Setup	360
Loop Diagnostic	361
40.1 Dual-End Loop Test	361
40.2 Single-End Loop Test (SELT)	363
MAC Table	365
41.1 MAC Table Overview	365
41.2 Viewing the MAC Table	366
ARP Table	367
42.1 ARP Table Overview	367
42.1.1 How ARP Works	367
42.2 Viewing the ARP Table	367
Hardware Information	369
43.1 Hardware Information	369
CFM Action	370
44.1 CFM Action	370
IPv6 Cache	372
45.1 Overview	372
45.2 Neighbor Cache	373
45.3 Router	374
45.4 Path MTU	375
Troubleshooting	377
46.1 Power, Hardware Connections, and LEDs	377
46.2 Switch Access and Login	378
46.3 Switch Configuration	380
Product Specifications	381
Common Services	397
Legal Information	401

Match case Limit results 1 per page

Chapter 19 MAC Limit

VES1724-56 User’s Guide

192

The following table describes the labels in this screen.

19.2.1

MAC Limit: VLAN Security

Click the

VLAN Security

link in the

Advanced Application > MAC Limit

screen to display VLAN

security settings as the following screen. Use this screen to limit how many MAC addresses the

Switch can dynamically learn on individual VLANs.

Figure 118

MAC Limit: VLAN Security

The following table describes the labels in this screen.

Table 79

MAC Limit

LABEL

DESCRIPTION

Active

Select this check box to enable the MAC limit feature on the Switch. Clear the check box to

disable the feature. You must enable this for the Switch to apply the MAC limit settings for

individual ports.

Port

This field displays the number of the port. Use the * entry to configure settings for all of the

subscriber ports.

Active SLF drop

SLF stands for Source MAC address Look up Fail (SLF), which means the source MAC does

not exist on the Switch. Select this check box to enable the MAC limit feature on this port.

The Switch only forwards packets whose source MAC addresses can be found in the MAC

address table and drops the other packets.

Clear this check box to have the Switch also forward the packets whose source MAC

addresses do not exist in the MAC address table.

MAC Spoofing

Select this check box to have the Switch detect whether a MAC address is connected to more

than one port. When the Switch detects a spoofed MAC address on a subscriber port, it drops

all the packets from the MAC address.

Address

Learning

MAC address learning reduces outgoing broadcast traffic. Select this to have the Switch

dynamically learn MAC addresses on the port.

Limited Number

of Learnt MAC

Address

Specify how many MAC addresses the Switch can dynamically learn on this port. For

example, if you set this field to "5" on port 2, then only the devices with the first five learned

MAC addresses can access port 2 at any one time. A sixth device would have to wait until

one of the five learned MAC addresses aged out. MAC address aging time can be set in the

Basic Setting

Switch Setup

screen.

The valid range is from 0 to 16K (16384). “0” means this feature is disabled, so the switch

will learn MAC addresses up to the global limit of 16K.

Table 80

MAC Limit: VLAN Security

LABEL

DESCRIPTION

Active

Select this to limit the number of MAC addresses the Switch can dynamically learn on

individual VLANs.