This entry has been published on 2014-08-13 and may be out of date.
Last Updated on 2014-08-13.
The documentation of the Zyxel GS1900-48HP seems to be quite useless when it comes to security features. It does not explain what e.g. the Protected Port or similar features do in detail.
Anyway, in this tutorial you will see how to allow exactly one Ethernet device for one port. This makes sense e.g. if you have LAN ports outside your house (PoE doorbell etc.), or for companies to only allow certain devices to be connected.
Note: MAC addresses can always be modified, so this is not 100% secure, but better than nothing as at least it takes more time for the invader to find the correct MAC.
- Log into the web interface of your Zyxel GS1900 switch.
- Configuration -> MAC Table: Add an entry for your static MAC address you want to allow, and enter the correct port number.
- Security -> Port Security -> Global: Enable, Apply
- Security -> Port Security -> Port: Edit your port number. For Max Entry MAC Number, enter value 0 (not 1!).
- Test connectivity with a ping. For further testing, you can connect another hardware to the switch port, or enter a wrong static MAC in the table – ping should not work in these cases.
Following the official documentation (which is next to useless) I wasn’t able to do this, but thanks to this page, I managed do what I needed to do. Thanks! 🙂