Asante Technologies 3500 Series user manual Configuring Port Lock and Intruder Lock


To enable New Node detection:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu, as shown in Figure 4-5.

3. Type t to choose Toggle Port Security Trap.

4. Type l to toggle the new node trap (if it is not already enabled).

Configuring Port Lock and Intruder Lock

The port intruder security measure allows you to create a port-trusted MAC address that is the only station with full rights to direct traffic to the port. Attempts to send traffic to the port from other stations are regarded as security intrusions, and can be disallowed. The security measure may be enabled as a port lock (security level 2) or an intruder lock (security level 3).

Note: The three security levels are mutually exclusive; a port can have security level 1, level 2, or level 3, but never a combination of security levels.

To configure security level 2 or 3, you must specify the port-trusted MAC address. You can either specify the address directly, or direct the system to trust the address of the first station that addresses the port. By trusting the first station to address the port, you can configure port security before you know which system will ultimately use that port.

When security level 2 (port lock) is enabled and an intruder attempts to direct traffic to the port, the port is immediately disabled. The port can then be re-enabled only by clearing the security level through management.

When security level 3 (intruder lock) is enabled and an intruder attempts to direct traffic to the port, the switch locks out the intruder’s MAC address; the port will not accept any traffic from that station. The intruder’s address can then be re-enabled only by clearing the security level through management.

Important! If you set security level 2 or 3, you should also set the Intruder Trap. If you do not set this trap, you will not receive notification that the port has been disabled. See the “Setting the Intruder Trap” section below.

By default, security levels 2 and 3 are both disabled.

Configuring Security Level 2 or Level 3

To set security level 2 (port lock) or level 3 (intruder lock) on a port:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Use the commands at the bottom of the menu to navigate to the unit and port needed.

4. Select u to Set/Clear port security.

5. Type s to set security.

6. Type 2 to select Port Security with Port Lock, or 3 to select Port Security with Intruder Lock.

7. Type 1 to have the system trust the first station that addresses this port, or type 2 to enter a specific port-trusted MAC address. If you type 2, you are prompted to enter an address where the values are hexadecimal and separated by colons, as follows: xx:xx:xx:xx:xx:xx
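
The following model is an added example, not Asante firmware or part of the original manual. It reproduces the behaviour described above (port lock versus intruder lock, trusting the first station, and the effect of leaving the Intruder Trap unset) so the difference between the two levels can be seen on sample traffic. The class and function names, the sample addresses, and the behaviour of clear_by_management are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")

def normalize_mac(text: str) -> str:
    """Accept only the xx:xx:xx:xx:xx:xx form from step 7; return lowercase."""
    mac = text.strip().lower()
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a colon-separated hex MAC: {text!r}")
    return mac

@dataclass
class SecuredPort:                   # hypothetical model, not a switch API
    level: int                       # 2 = port lock, 3 = intruder lock
    trusted: Optional[str] = None    # None = trust the first station seen
    intruder_trap: bool = False      # is the Intruder Trap set?
    enabled: bool = True
    blocked: set = field(default_factory=set)
    traps: list = field(default_factory=list)

    def receive(self, src: str) -> bool:
        """Return True if a frame from station src is accepted."""
        src = normalize_mac(src)
        if not self.enabled or src in self.blocked:
            return False
        if self.trusted is None:
            self.trusted = src       # first station becomes port-trusted
        if src == self.trusted:
            return True
        if self.level == 2:
            self.enabled = False     # port lock: whole port goes down
        else:
            self.blocked.add(src)    # intruder lock: only this MAC is refused
        if self.intruder_trap:
            self.traps.append(f"intruder {src}")
        return False

    def clear_by_management(self) -> None:
        """Lift the lock. Assumption: the model keeps level and trusted MAC."""
        self.enabled = True
        self.blocked.clear()

if __name__ == "__main__":
    # Constructed, locally administered sample addresses.
    port = SecuredPort(level=2)      # trust-first-station, trap left unset
    for mac in ("02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:01"):
        print(mac, port.receive(mac), "enabled:", port.enabled, "traps:", port.traps)
```

With level 2 and no trap, the trusted station loses service along with the intruder and nothing is reported, which is the situation the Important note above warns about.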

Setting the Intruder Trap

If you set security level 2 or 3, you should also ensure the Intruder Trap is set. Enabling this trap directs the system to send an alert to the designated trap receiver when an intruder tries to access the port. To set the intruder trap:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Type t to choose Toggle Port Security Trap.

4. Type 2 to toggle the new node trap (if it is not already enabled).
