Asante Technologies 35160 user manual Configuring Port New Node Detection Trap


Configuring Port New Node Detection Trap

The port new node detection trap security measure (also called “port security trap”) ensures that when any new device is connected to the secured port, an alert will be sent to the designated trap receiver. The new device is detected when it is connected to the switch and its MAC address is recognized as one not present in the current address table. The information shown in the alert includes the new node’s MAC address and IP address (if available) and the port to which they are connected.

After a device has been connected and has generated traffic on the network, the trap will not be re-sent. If the switch ages out the MAC address of a connected device from its forwarding database, new traffic from that device will result in a new node trap being sent. The default age-out time is 300 seconds. The user may reduce the number of traps sent by lengthening the age-out time, as explained in “Setting the MAC Address Age-Out Time” in Chapter 3.
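The age-out behaviour described above can be modelled to see how the age-out time changes the number of traps a receiver gets. This is an added example, not code from the manual or the switch; the function name, the sample frames, and the rule that an entry ages out after being idle for longer than the age-out time are assumptions.

```python
# Added example: a model of the new-node trap logic, not Asante firmware.
DEFAULT_AGE_OUT = 300  # seconds, the default stated in the manual


def new_node_traps(frames, age_out=DEFAULT_AGE_OUT):
    """Return the (time, port, mac) frames that would raise a new-node trap.

    frames: iterable of (time_seconds, port, mac), sorted by time.
    Assumption: an address ages out once it has been idle for more than
    `age_out` seconds, and every frame from it refreshes the entry.
    """
    last_seen = {}  # mac -> time of the most recent frame (address table)
    traps = []
    for t, port, mac in frames:
        seen = last_seen.get(mac)
        if seen is None or t - seen > age_out:
            traps.append((t, port, mac))  # not in the table: new node
        last_seen[mac] = t
    return traps


# Constructed sample traffic (MAC addresses from the documentation range).
FRAMES = [
    (0,    3, "00:00:5e:00:53:01"),  # first frame from this device
    (120,  3, "00:00:5e:00:53:01"),  # still in the table
    (500,  3, "00:00:5e:00:53:01"),  # idle for 380 s
    (510,  5, "00:00:5e:00:53:02"),  # second device appears on port 5
    (1500, 3, "00:00:5e:00:53:01"),  # idle for 1000 s
]

if __name__ == "__main__":
    for age_out in (300, 900, 1200):
        times = [t for t, _, _ in new_node_traps(FRAMES, age_out)]
        print(f"age-out {age_out:>4} s: {len(times)} traps at t={times}")
```

With the default of 300 seconds the same quiet device on port 3 is reported three times; a longer age-out reports it less often, at the cost of a longer window in which a device that was briefly unplugged and replaced is not re-announced.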

By default, New Node detection is disabled.

To enable or disable detection of a new node on the system, first set the security level on a port or group of ports to 1. Then, if it is not already enabled, enable New Node detection.

To set security level 1 on a port:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Select o to Set/Clear port security.

4. Type s to set security.

5. Type the numbers of the ports on which to set the security. The manager can specify a single port, a series of port numbers separated by commas, a range of ports shown with a hyphen, or a combination of ranges and single ports. For example, type 1-8, 14 to specify ports one through eight, and port fourteen. See Help for more information.

6. Type l for Port Security Level 1.

To enable New Node detection:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Type t to choose Toggle Port Security Trap.

4. Type 1 to toggle the new node trap (if it is not already enabled).

Configuring Port Lock and Intruder Lock

The port intruder security measure creates a port-trusted MAC address that is the only station with full rights to have traffic on the port. Attempts to send traffic to the port from other stations are regarded as security intrusions, and can be disallowed. The security measure may be enabled as a port lock (security level 2) or an intruder lock (security level 3).

Note: The three security levels are mutually exclusive; a port can have security level 1, level 2, or level 3, but never a combination of security levels.

To configure security level 2 or 3, specify the port-trusted MAC address directly, or direct the system to trust the address of the first station that addresses the port. By trusting the first station to address the port, the manager can configure port security before knowing which system will ultimately use that port.

When security level 2 (port lock) is enabled and an intruder attempts to direct traffic to the port, the port is immediately disabled. The port can then be re-enabled only by clearing the security level through management.

When security level 3 (intruder lock) is enabled and an intruder attempts to direct traffic to the port, the switch locks out the intruder’s MAC address; the port will not accept any traffic from that station. The intruder’s address can then be re-enabled only by clearing the security level through management.

Important! If the security level is set at 2 or 3, the Intruder Trap must also be set. If this trap is not set, no notification that the port has been disabled can be received. See the “Setting the Intruder Trap” section below.
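The difference between port lock and intruder lock, and the effect of leaving the Intruder Trap unset, can be seen in a small behavioural model. This is an added example, not the switch's own code; the class, its method names, and the choice to report each intruder address once are assumptions.

```python
# Added example: a behavioural model of security levels 2 and 3,
# not Asante firmware. Class and method names are hypothetical.
PORT_LOCK, INTRUDER_LOCK = 2, 3


class SecuredPort:
    def __init__(self, level, trusted_mac=None, intruder_trap=True):
        if level not in (PORT_LOCK, INTRUDER_LOCK):
            raise ValueError("model covers security levels 2 and 3 only")
        self.level = level
        self.trusted_mac = trusted_mac      # None: trust the first station seen
        self.intruder_trap = intruder_trap  # is the Intruder Trap set?
        self.enabled = True
        self.locked_out = set()             # level 3: rejected MAC addresses
        self.traps = []                     # what the trap receiver would see

    def receive(self, mac):
        """Return True if a frame from `mac` is accepted on this port."""
        if self.level is None:              # security cleared: no restriction
            return True
        if not self.enabled or mac in self.locked_out:
            return False
        if self.trusted_mac is None:
            self.trusted_mac = mac          # first station becomes trusted
        if mac == self.trusted_mac:
            return True
        if self.level == PORT_LOCK:
            self.enabled = False            # whole port goes down
        else:
            self.locked_out.add(mac)        # only this station is rejected
        if self.intruder_trap:
            self.traps.append(mac)
        return False

    def clear_security(self):
        """Management clears the security level, the only recovery path."""
        self.level, self.enabled = None, True
        self.locked_out.clear()


if __name__ == "__main__":
    # Constructed MAC addresses from the documentation range.
    trusted, other = "00:00:5e:00:53:01", "00:00:5e:00:53:99"
    for level, trap in ((PORT_LOCK, True), (INTRUDER_LOCK, True), (PORT_LOCK, False)):
        port = SecuredPort(level, intruder_trap=trap)
        results = [port.receive(m) for m in (trusted, other, trusted)]
        print(level, trap, results, port.enabled, port.traps)
```

In the third run the port ends up disabled with an empty trap list, which is the silent outage the note above describes: under port lock the trusted station loses service too, and without the trap nothing tells the operator why.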
