NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
The best way of deploying a static group of MAC addresses on GS752TX that can access the network.
I would like to configure the group of ports on the S3300-52X switch so that only the devices within the indicated MAC addresses space can access the LAN and communicate with the other ports. However...
Hello
First of all, thank you very much for the hint which led me to resolve the case.In order to achieve the blocking of "unknown" MAC addresses on the switch and the admission to the network only defined addresses on the GS752TX with latest at the moment firmware 6.6.4.9 installed you must do the following:
1. Define on selected ports in selected VLANs (if they are set, because by default VLAN1 is set on all ports, this is equivalent to the absence of any VLANs set) MAC addresses of network cards of connected clients. (Note: More than one static MAC can be defined on one port).
Main Menu -> Switching -> Address Table -> Advanced -> Static MAC Addresses
2. Next, in the menu Security -> Traffic Control -> Port Security -> Interface Configuration, select the port with the assigned MAC addresses and, what is important, set the "Max Learned MAC Address" to "0". If you do not set it, the port will continue to accept undefined MAC addresses. Defined MACs will only work on the port assigned to them. We did not want to accept any MAC addresses unknown to the switch. Therefore, setting the "Max Learned MAC Address" to "0" is so important.
I think that the matter can be treated as resolved.
Best regards
Witek
Hi wtosta,
Welcome to the community! :)
Here is what I suggest: First, add the specific MAC Addresses on the Address Table. To do this, login to the web-GUI of the S3300-52X switch then go to Switching > Address Table > Advanced > Static MAC Address then specify the interface you want to associate the MAC Addresses. As reference, read page 191 of the S330 Software Administration Manual here. Then finally, configure Port Security.
Let me share the old forum thread below since your concern is similar to it:
If ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Regards,
DaneA
NETGEAR Community Team
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
