Asante Technologies 3500 Series user manual Configuring Port Security

Page 48

4.3.3 Configuring Port Security

To access the Port Security Configuration Menu, type t in the Configuration Menu to access the Security Management Menu, then type p to access the Port Security Configuration Menu. A screen similar to the following will appear:

IntraCore 3524

Port Security Configuration Menu

Unit Type: [24-100TX/RJ45]

Unit: 01 Port:

01

 

Unit Port Security Info:

[+: Port Security Enabled, -: No Port Security, !: Port Disabled By Security]

Port Security Status:

[01]-------- [09]-------- [17]-------- [25]--XXXXXX

Port Security Type:

<none>

Port New Node Detect

Trap Status: [Disabled]

Port Intruder Detect Trap Status: [Enabled]

Port Trusted MAC Address: [<none>]

<Cmd>

<Description>

u

Set/Clear Port Security

t

Toggle Port Security Trap Enable/Disable

i

Insert/Modify Port Trusted MAC Address

d

Display Port Intruder Nodes

h

Port Security Help

q

Return to previous menu

Command>

Select U)nit Nex)t unit Prev) unit S)elect port N)ext port P)rev port

Configuring Port New Node Detection Trap

The port new node detection trap security measure (also called “port security trap”) ensures that when any new device is connected to the secured port, an alert will be sent to the designated trap receiver. The new device is detected when it is connected to the switch and its MAC address is recognized as one not present in the current address table. The information shown in the alert is the new node’s MAC address and IP address (if available) and the port to which they are connected.

Once a device has been connected and has generated traffic on the network, the trap will not be re-sent. If the switch ages out the MAC address of a connected device from its forwarding database, new traffic from that device will result in a new node trap being sent. The default age-out time is 300 seconds. You may reduce the number of traps sent by lengthening the age-out time, as explained in “Setting the MAC Address Age-Out Time” in Chapter 3.

By default, New Node detection is disabled.

To enable or disable detection of a new node on the system, you must first set the security level on a port or group of ports to 1. Then, if it is not already enabled, you must enable New Node detection.

To set security level 1 on a port:

1.From the Configuration Menu, type t to access the Security Management Menu.

2.Type p to access the Port Security Configuration Menu.

3.Select u to Set/Clear port security.

4.Type s to set security.

5.Type the numbers of the ports for which you want to set the security. You can specify a single port, a series of port numbers separated by commas, a range of ports shown with a hyphen, or a combination of ranges and single ports. For example, type 1-8, 14 to specify ports one through eight, and port fourteen. See Help for more information.

6.Type l for Port Security Level 1.

48

Page 47 Page 49
Image 48
Page 47 Page 49
Contents IntraCore 3500 Series Quick Start Guide Gigabit Ethernet Switches User’s Manual IntraCore 3500 SeriesTable of Contents Page Package Contents IntroductionLEDs 1 IC3524 Models2 IC3548-2GT 4810/100Front and Back Panel Descriptions #49Management and Configuration Console Interface Web-Based InterfaceSnmp Management Hardware Installation and Setup Installation OverviewSafety Overview Installation into an Equipment Rack Recommended Installation ToolsPower Requirements Environmental RequirementsInstalling a Gbic Gbic InterfacesEquipment Rack Guidelines Installing Optional Hardware Modules Connecting PowerRemoving a Gbic Gbic Care and HandlingConnecting to the Network 1 10/100BaseT Ports Cabling ProceduresSetup Gigabit Ethernet Ports Cabling ProceduresConnecting to a Console Changing the Password Connecting Via the Web BrowserConnecting Via Telnet IP Assignment Snmp ManagementUsing the Stacking Feature IC3524 only Toggle Stacking Enable/Disable Configuration Accessing a SubmenuLogging Configuration Menu General InformationExiting a Submenu System Administration Configuration Changing System Administration InfoSystem IP Configuration Bootstrap ConfigurationChanging System IP Information Snmp Configuration Changing Community StringsEnabling Authentication Traps Adding or Updating a Trap ReceiverDeleting a Trap Receiver Port Configuration Basic Port Configuration Menu appearsConfiguring Auto-Negotiation Enabling or Disabling a PortConfiguring a Port Manually Configuring 1000BaseX PortsToggling Port Link Speed Toggling Half to Full DuplexAdvanced Port Configuration Setting Port Class of ServiceEnabling or Disabling 802.3x Flow Control Setting Port Default Priority Global Port ConfigurationUnicast Forwarding Database Configuration Displaying the Forwarding DatabaseSetting the MAC Address Age-Out Time Searching for a MAC AddressPort Mirroring Configuration Security ManagementVlan Management IP Multicast Traffic ManagementFile Up/Downloading Configuration Setting the Monitor PortImage Downloading through Tftp Serial Downloading Configuration Performing a Software Upgrade at RuntimeSystem Reset Configuration Resetting the SwitchPerforming a Software Upgrade Scheduling a System Reset System LogUser Interface Configuration Clearing the System LogSetting Console Idle Time-out Period Setting Telnet Idle Time-out PeriodChanging the Password System UtilityEnabling or Disabling the Web Server Viewing Statistics Configuring Spanning Tree Parameters Advanced ManagementSpanning Tree Protocol Enabling and Disabling STPSpanning Tree Port Configuration Setting Port Priority and Path CostSnmp and Rmon Management Duplicated IP Detection and TrapRmon Management Enabling and Disabling Station Movement Trap Enabling and Disabling Duplicated IP DetectionEnabling and Disabling Duplicated IP Trap Viewing a List of Duplicated IP AddressesConfiguring Port Security Configuring Port New Node Detection TrapConfiguring Port Lock and Intruder Lock Configuring Security Level 2 or LevelSetting the Intruder Trap Vlan Specifications for the IntraCore 3500 Series Resetting Security to DefaultsOther Vlan Features of the switch Inserting/Modifying a Port Trusted MAC AddressConfiguring Static Vlan Groups Kkxxxxxx KxxxxxxxAdvanced Static Vlan Configuration Configuring Vlan Port Attributes Setting the Port Vlan IDSpecifying Tagging or No Tagging for a Port Configuring Port Receive Frame Type Displaying a Summary of Vlan GroupsDisplaying a Vlan Port Summary Adding and Deleting VLANs from the PortResetting Vlan Configuration to Defaults Multicast AddressesConfiguring IP Multicast Traffic Management Igmp SnoopingEnabling and Disabling Igmp Snooping Displaying a Summary of Group AddressesIP Multicast Forwarding Database Configuration Adding Ports to the Selected AddressInserting a Multicast Group Address Removing a Multicast Group Address To remove an addressAccessing with a Web Browser Web-Based ManagementFront Panel Button Genl Info General Information ButtonStatistics Button Port Config Port Configuration Button Span Tree Spanning Tree Button Snmp Button Addr Address Table ButtonVlan Button Port Configuration Vlan Configuration Creating or Modifying a VlanAdding and Deleting Port Members Page Security Button Duplicate IP Button Snmp Management Snmp Management OperationsSnmp Protocol Community Name and Security MIB TreeName Space Path MIB Groups SupportedPage Switching Concepts VLANsPort-Based VLANs Vlan ID and Tagged FramesPort Vlan ID How It WorksSpanning Tree Parameters Forward Delay Full Duplex, Flow Control and Auto-negotiationFull Duplex Port PriorityFlow Control Auto-NegotiationAppendix A. Troubleshooting Problem Possible SolutionsAppendix B. Features and Specifications FeaturesSpecifications Physical Characteristics Technical Support and WarrantyEnvironmental Range Standards ComplianceAppendix C. FCC Compliance and Warranty Statements FCC Compliance Statement Important Safety InstructionsIntraCare Warranty Statement Page Pin Number Signal Name Appendix D. Console Port Pin OutsAppendix E. Online Warranty Registration Appendix F. BootP Configuration Bootstrap ConfigurationImage Banks Loading Software Locally
Top Page Image Contents