Manuals / 3Com / Computer Equipment / Tablet

3Com 5112M-TPLS Defining Port Action on Intrusion, Configuring Security Features

Models: 5112M-TPLS

1 108

Download 108 pages 10.66 Kb

Page 65

Security Mode is automatically enabled when you issue the SET SECURITY PORT SECURITY_TYPE command.

Security Type is automatically configured to Full (which includes both Eavesdropping and Intrusion security) when you issue the SET SECURITY PORT MODE ENABLE command.

Note: Security mode must be disabled in order for the EMM to Autolearn MAC addresses for ports that have Security Type configured for Intrusion_only or Full. If Security Mode is not disabled for each port that is configured for Intrusion Security:

–MAC addresses are not Autolearned

–The ports report an intrusion

Defining Port Action on Intrusion

An additional feature of Intrusion Detection provides you with the ability to define on a per-port basis the corrective action a management module is to take when a Security Module port experiences a security intrusion attempt. Each option provides Intrusion Detection and data collision on the intruding packet. You may elect to have the management module perform one of the following actions:

❑Disable the port and send a trap (disable_and_trap)

❑Only disable the port (disable_only)

❑No management action (no_action)

❑Only send a trap to stations defined in the management module's community table (trap_only)

Issue the following command to define disable_and_trap as the corrective action a management module will take upon a security Intrusion attempt for all ports on the module in slot 3.

Configuring Security Features 4 - 7

Image 65

3Com 5112M-TPLS installation and operation guide Defining Port Action on Intrusion, Configuring Security Features

Contents

3Com Corporation 118 Turnpike Road Southborough, MA U.S.A 508 FAX 508 ONline 10BASE-T Security Module Installation and Operation GuideDocument Number Printed February Model Number 5112M-TPLS Federal Communications Commission Notice ii ONline 10BASE-T Security Module Installation and Operation GuideCanadian Emissions Requirements VDE Class B ComplianceRestricted Rights ONline 10BASE-T Security Module Installation and Operation Guideiv ONline 10BASE-T Security Module Installation and Operation Guide Chapter 1 - Introduction How to Use This GuideChapter 2 - Designing and Expanding the Network ContentsChapter 4 - Configuring Security Features Chapter 3 - Installing and Operating the Modulevi ONline 10BASE-T Security Module Installation and Operation Guide Precautionary Procedures Quick Installation ChartONline 10BASE-T Security Module Installation and Operation Guide Chapter 5 - TroubleshootingAppendix A - Specifications Index viii ONline 10BASE-T Security Module Installation and Operation GuideAppendix B - Technical Support ONline 10BASE-T Security Module Installation and Operation Guide Figuresx ONline 10BASE-T Security Module Installation and Operation Guide ONline 10BASE-T Security Module Installation and Operation Guide TablesPage ONline 10BASE-T Security Module Installation and Operation Guide How to Use This GuideAudience Structure of This Guide xiv ONline 10BASE-T Security Module Installation and Operation GuideConvention Document ConventionsIndicates ExampleRelated Documents xvi ONline 10BASE-T Security Module Installation and Operation GuideA Caution. A A Warning. A3Com Documents 6-Slot ONline System Concentrator Installation and OperationReference Documents ONline 10BASE-T Security Module Installation and Operation GuidePage Introduction 1 1 IntroductionThe ONline 10BASE-T Security Module Application Theory of OperationIntroduction ONline ManagementFigure 1-1. ONline 10BASE-T Security Module Application Page 2 Designing and Expanding the Network Designing and Expanding the Network 2Basic Network Rules Understanding the General RulesDefinition RuleRecommendations/Notes Table 2-1. Seven Basic Network RulesTable 2-1. Seven Basic Network Rules Continued Many LAN products delay the signalRule DefinitionDefinition RuleRecommendations/Notes The fiber link distancesLAN Product LAN EquivalenceEquivalent Fiber Table 2-2. LAN Product Equivalent DistancesTable 2-2. LAN Product Equivalent Distances Continued Fiber Backbone, Twisted Pair To-The-DeskLAN Product Equivalent FiberFiber Backbone, Twisted Pair To-The-Desk Example Designing and Expanding the Network 2 Figure 2-1. Sample Configuration Distance CalculationCable Gauge Twisted Pair Backbone, Twisted Pair To-The-DeskSupports Link Distances Up To Table 2-3. Maximum Link Distance on Twisted PairDesigning and Expanding the Network 2 Patch PanelsFigure 2-2. Unshielded Twisted Pair Network Figure 2-3. Redundant Twisted Pair Configuration Redundant LinksDesigning and Expanding the Network 2 To set link redundancy between two Security ModulesPage Installing and Operating the Module 3 3 Installing and Operating the ModuleQuick Installation Chart Precautionary ProceduresProcedure Unpacking ProceduresConfiguring the Module Installing the ModuleLED and Network VerificationUnpacking Procedures Installing and Operating the Module 3 Setting the Dip SwitchFigure 3-1. Security Module Dip Switch SW1 Location Switch Settings SwitchNetwork Selection Table 3-2. DIP Switch SW1 Network Selection SettingsFunction SettingFactory Off OnInstalling the Cable Tie-Wrap Kit Installing the ModuleInstalling and Operating the Module 3 To install the tie-wrap kitFigure 3-2. Attaching the Tie-Wrap Bracket to the Module 3. Insert the tie-wrap through the opening on the tie-wrap bracketCaution Do not fasten the tie-wrap around the module ejectors Figure 3-3. Attaching Cables With 90 ConnectorsInstalling and Operating the Module 3 Installing the ModuleFigure 3-4. Installing an ONline 10BASE-T Security Module Figure 3-5. ONline 10BASE-T Security Module Cable Connection Installing and Operating the Module 3 Configuring the ModuleNetwork Assignment Port EnablePort Redundancy ONline set port 3.all mode enable ENTERModule Security Link IntegrityInstalling and Operating the Module ONline set port 5.all linkintegrity enable ENTERAutopartition Threshold Saving Module ConfigurationsReverting Module Configurations Installing and Operating the Module 3 Showing Module ConfigurationsMonitoring the Front Panel Figure 3-6. Security Module Faceplate Installing and Operating the Module 3State ColorName Table 3-4. Interpretation of the Security Module LEDsLED and Network Verification Network ConfigurationLED State Installing and Operating the Module 3Page Configuring Security Features 4 4 Configuring Security FeaturesCommand Quick Reference for Configuring SecurityTable 4-1. Quick Reference for Configuring the Security Module ProcedureCommand ProcedureConfiguring Security Features 4. Initiate Autolearning toEavesdropping Security Configuring Security FeaturesFigure 4-1. Example of Eavesdropping Security Intrusion DetectionConfiguring Security Features 4 Figure 4-2. Example of Intrusion Detection Defining Port Security TypeConfiguring Security Features Defining Port Action on IntrusionONline set security autolearn 3.all mask disable ENTER Configuring Autolearning MaskEnabling Ports Configuring Security Features 4 Configuring Autolearning6. Upon completion of Autolearning, the following message is displayed Configuring Security Features 4 Defining a MAC Address ManuallyONline set security port 3.1 macaddress 08-54-6f-01-32-08 ENTER ONline set security autolearn 3.1 macaddress 08-54-6f-01-32-08 ENTERONline set security autolearn 3.1 download ENTER Downloading the Autolearning DatabaseNote overwriting existing addresses in the Security database Autolearn download done downloaded y addresses totalConfiguring Security Features 4 Configuring Security ModeReverting Security Configurations Showing Security ConfigurationsSaving Security Configurations Configuring Security Features 4 Showing Port ConfigurationsPage Configuring Security Features 4 Showing Security AutolearnShowing Security Intruder List Configuring Security Features 4 Clearing Security ConfigurationsClearing the MAC Address Table Clearing the Security Intruder List Clearing the Autolearning DatabaseONline clear security autolearn 3.1 macaddress all ENTER ONline clear security intruderlist ENTER Intruder List clearedConfiguring Security Features 4 Using 3Com MIB Security VariablesEMM Security SNMP Variables Using the Security Module SNMP Variables Configuring Security Features 4 Page Troubleshooting 5 5 TroubleshootingTroubleshooting Troubleshooting Troubleshooting Using the Status LEDsProblem IndicationProblem TroubleshootingTroubleshooting 5 LED StatePossible Problem Troubleshooting Using the Activity LEDsTroubleshooting Solutions Table 5-2. Troubleshooting Using the Activity LEDsTroubleshooting 5 Technical AssistancePage Specifications A A SpecificationsElectrical Specifications General Specifications Environmental SpecificationsMechanical Specifications Specifications A 50-Pin Connector and CableFigure A-1. 50-Pin Cable Male and Female Connectors ceiver TransPort # PolarityTrans Twisted Pair Connectors and CablesTrans Port #Specifications A Twisted Pair ConnectorsFigure A-2. RJ-45 Connector Pinouts Twisted Pair Cables Technical Support B B Technical SupportOn-line Technical Support World Wide Web Site Support from Your Network SupplierEmail Technical Support Technical Support B Support from 3ComReturning Products for Repair Accessing the 3Com MIBTechnical Support B 3Com Technical PublicationsPage Index NumericsIndex 2 Index Index 4 Index Unshielded Twisted Pair Network Sample Configuration Unpacking Procedures Unshielded Twisted Pair CableUploading Security Configurations Wiring Closet, A-8