Asante Technologies 35160 user manual Port-based Network Access Control, Setting the Intruder Trap

By default, security levels 2 and 3 are both disabled.

Configuring Security Level 2 or Level 3

To set security level 2 (port lock) or level 3 (intruder lock) on a port:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Select o to Set/Clear port security.

4. Type s to set security and enter the port number(s).

5. Type 2 to select Port Security with Port Lock, or 3 to select Port Security with Intruder Lock.

6. Type 1 to have the system trust the first station that addresses this port, or type 2 to enter a specific port-trusted MAC address. If you type 2, you are prompted to enter the address as hexadecimal values separated by colons, as follows: xx:xx:xx:xx:xx:xx

Setting the Intruder Trap

If the security level is set at 2 or 3, please ensure the Intruder Trap is set. Enabling this trap directs the system to send an alert to the designated trap receiver when an intruder tries to access the port. To set the intruder trap:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Type t to choose Toggle Port Security Trap.

4. Type 1 to toggle the new node trap (if it is not already enabled).
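
The following Python model is an added illustration, not part of the manual or of the switch firmware. It shows how the two trusted-address options and the trap setting interact on a secured port. The class and function names and the sample MAC addresses are constructed for the example, and what the switch does with a rejected frame at level 2 versus level 3 is not modeled.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def parse_mac(text):
    """Check the xx:xx:xx:xx:xx:xx form the prompt expects; return it lowercased."""
    text = text.strip()
    if not MAC_RE.match(text):
        raise ValueError(f"not a colon-separated hexadecimal MAC address: {text!r}")
    return text.lower()

@dataclass
class SecuredPort:
    """Hypothetical model of one port with security level 2 or 3 set."""
    number: int
    trusted_mac: Optional[str] = None   # None models option 1 (trust first station)
    trap_enabled: bool = False          # state of the port security trap toggle
    traps: list = field(default_factory=list)  # alerts a trap receiver would get

    def __post_init__(self):
        if self.trusted_mac is not None:        # option 2: address typed by the manager
            self.trusted_mac = parse_mac(self.trusted_mac)

    def receive(self, src_mac):
        """Return True if the frame's source address is the trusted station."""
        src = parse_mac(src_mac)
        if self.trusted_mac is None:
            self.trusted_mac = src      # option 1: first source seen becomes trusted
            return True
        if src == self.trusted_mac:
            return True
        if self.trap_enabled:           # without the trap, the event is not reported
            self.traps.append({"port": self.number, "intruder": src})
        return False

def replay(port, frames):
    """Feed a sequence of source addresses to the port, in order."""
    return [port.receive(mac) for mac in frames]

# Constructed sample input: source addresses from the documentation MAC range.
SAMPLE_FRAMES = ["00:00:5E:00:53:01", "00:00:5e:00:53:01", "00:00:5E:00:53:02"]

if __name__ == "__main__":
    port = SecuredPort(number=5, trap_enabled=True)
    print(replay(port, SAMPLE_FRAMES), port.trusted_mac, port.traps)
```

With option 1 the trusted address is whichever station is seen first, so confirm the learned address afterwards. With the trap disabled, a non-trusted source is still rejected but no alert reaches the trap receiver.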

Inserting/Modifying a Port Trusted MAC Address

When port security level 2 or 3 has been set for a port, the manager must specify the port-trusted MAC address. The port-trusted MAC address for a port can be changed without completing all the steps to set the port security.

To add or change the port-trusted MAC address:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Type i, and then follow the instructions on the screen.

Resetting Security to Defaults

To reset the security measures on the switch to the factory defaults, access the Security Management Menu by typing t in the Configuration Menu. Then type r to reset all of the security configurations to the factory-set defaults. These defaults and their meanings were discussed in the sections on each security measure, covered earlier in this chapter.

4.2.4 Port-based Network Access Control

IEEE 802.1X is a standard used for Port-based Network Access Control, where the “port” can be either a physical port or a logical port by which a point-to-point connection is designated. The concept of 802.1X is to provide a standardized security authentication method for IEEE-based network technologies, including Local Area Networks (LANs) and Wireless LANs (WLANs).

Compared with technologies such as MAC filtering and Access Control Lists (ACLs), IEEE 802.1X is a new technology that provides scalability with minimal administration overhead. By authenticating user access at the network edge, network administrators can be assured that no unauthorized access will take place, and all of the user authentication can take place on a centralized authentication server.
