To implement port security, assign a MAC Address to a given port before you enable the security feature for that port.

Issue the following command to assign a MAC Address to port 3 on the module in slot 6:

ONline> set security port 6.3 mac_address 08-00-8f-12-c0-09 [ENTER]

Use the following command to enable the security feature for all ports on the module in slot 7. Prior to enabling the security feature, you must already have assigned a MAC Address to each port:

ONline> set security port 7.all mode enable [ENTER]

Use the SHOW SECURITY PORT command to display the MAC address and security setting for a specific module and port, for all ports, or for all port's of a specific module.

The following example displays security settings for all of the ports on the Fiber Module in slot 16.

ONline> show security port 3.all verbose

[ENTER]

Security Display for Module 5104M- FB in Slot 3:

Port Mode

MAC Addresses

General Information

16.01ENABLED 08-00-8f-1b-0b-ad ETHERNET_1

16.02ENABLED 08-00-8f-3c-c6-1e ETHERNET_1

16.03DISABLED 08-00-8f-00-0e-c6 ETHERNET_1

16.04DISABLED 08-00-8f-00-0e-2e ETHERNET_1

Managing Security with EMM Master and Slaves

When managing security in Ethernet modules (other than the 5112M-TPLS Security Module), 3Com recommends that all security configuration changes to an Ethernet module only be issued through the EMM (master or slave) that is managing the network to which that module is assigned. This eliminates the possibility of having two different security configurations for one module stored in two EMMs. (This consideration does not apply to the Security Module because only a master EMM is capable of managing it.)

Startup and Management Functions 3 - 21

Page 61
Image 61
3Com 5101M-MGT installation and operation guide Managing Security with EMM Master and Slaves