Configuring Address-to-Port Security

The Advanced EMM providesaddress-to-port secu rity which enables you to assign a maximum of four MAC Addresses to individual ports in your network. This allows the EMM to detect a change in the MAC Address of a station connected to a port whenever a different device is connected to that port. When a master EMM detects such an address change, it disables the port to preserve network security, and sends a trap to all stations with trap or all access in its community table.

A slave EMM (Advanced) can also detect a change in a port's MAC address. The slave EMM will send a trap to all stations in its community table, however, it cannot disable the port. Once you are alerted to the trap (displayed on the EMM console or workstation), you must issue the SET PORT MODE DISABLE command to disable the port.

Once you have determined and rectified the intruding station, you must issue the SET PORT MODE ENABLE command to re-enable the port.

Note: All versions of the EMM (i.e., Starter, Basic, Advanced) are capableofmanagingtheONline10BASE-TSecurityModule. However, only the Advanced EMM supports management security features. Therefore, when you use a Starter or Basic EMM to issue a security command using the 'all' option, the EMM scans the concentrator for Security Modules and initiates the command on Security modules only.

When you use an Advanced EMM to issue a security command using the 'all' option, the EMM will initiate the command on all Ethernet modules that support security.

3 - 20 ONline Ethernet Management Module Installation and Operation Guide

Page 60
Image 60
3Com 5101M-MGT installation and operation guide Configuring Address-to-Port Security