Asante Technologies 3500 Series user manual Configuring Port Security

Models: 3500 Series


4.3.3 Configuring Port Security

To access the Port Security Configuration Menu, type t in the Configuration Menu to access the Security Management Menu, then type p to access the Port Security Configuration Menu. A screen similar to the following will appear:

    IntraCore 3524          Port Security Configuration Menu

    Unit Type: [24-100TX/RJ45]      Unit: 01    Port: 01

    Unit Port Security Info:
    [+: Port Security Enabled, -: No Port Security, !: Port Disabled By Security]
    Port Security Status:
    [01]-------- [09]-------- [17]-------- [25]--XXXXXX

    Port Security Type: <none>
    Port New Node Detect Trap Status: [Disabled]
    Port Intruder Detect Trap Status: [Enabled]
    Port Trusted MAC Address: [<none>]

    <Cmd>   <Description>
    u       Set/Clear Port Security
    t       Toggle Port Security Trap Enable/Disable
    i       Insert/Modify Port Trusted MAC Address
    d       Display Port Intruder Nodes
    h       Port Security Help
    q       Return to previous menu

    Command>
    Select U)nit Nex)t unit Prev) unit S)elect port N)ext port P)rev port

Configuring Port New Node Detection Trap

The port new node detection trap security measure (also called “port security trap”) ensures that when any new device is connected to the secured port, an alert is sent to the designated trap receiver. The new device is detected when it is connected to the switch and its MAC address is recognized as one not present in the current address table. The alert shows the new node’s MAC address, its IP address (if available), and the port to which it is connected.

Once a device has been connected and has generated traffic on the network, the trap will not be re-sent. If the switch ages out the MAC address of a connected device from its forwarding database, new traffic from that device will result in a new node trap being sent. The default age-out time is 300 seconds. You may reduce the number of traps sent by lengthening the age-out time, as explained in “Setting the MAC Address Age-Out Time” in Chapter 3.
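The trap behaviour described above, modelled as an added example (it is not from the manual and is not Asante firmware): it replays constructed traffic against a toy address table to show how the age-out time drives the number of new node traps. It assumes an entry ages out after the age-out time passes with no traffic from that MAC; the class, function names and MAC addresses are made up for illustration.

```python
from dataclasses import dataclass, field

DEFAULT_AGE_OUT = 300  # seconds, the default age-out time stated in the manual


@dataclass
class NewNodeDetector:
    """Toy model of new node traps on secured ports (not Asante firmware)."""
    age_out: int = DEFAULT_AGE_OUT
    secured_ports: set = field(default_factory=set)
    trap_enabled: bool = True
    table: dict = field(default_factory=dict)   # MAC -> (port, last_seen)
    traps: list = field(default_factory=list)   # (time, port, MAC)

    def frame(self, t, port, mac):
        """Process one frame seen at time t (seconds); True if the MAC was new."""
        # Assumption: an entry ages out after `age_out` seconds without traffic.
        entry = self.table.get(mac)
        known = entry is not None and t - entry[1] < self.age_out
        if not known and self.trap_enabled and port in self.secured_ports:
            self.traps.append((t, port, mac))
        self.table[mac] = (port, t)  # learn or refresh the entry
        return not known


def count_traps(frames, age_out, secured_ports):
    """Replay (time, port, MAC) frames and return the traps generated."""
    det = NewNodeDetector(age_out=age_out, secured_ports=set(secured_ports))
    for t, port, mac in frames:
        det.frame(t, port, mac)
    return det.traps


# Constructed sample traffic: a printer on port 3 that talks every 10 minutes,
# a workstation on port 5 that talks every minute, and a device on port 9,
# which is not secured here and therefore never produces a trap.
PRINTER, PC, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
FRAMES = sorted(
    [(t, 3, PRINTER) for t in range(0, 3600, 600)]
    + [(t, 5, PC) for t in range(0, 3600, 60)]
    + [(1800, 9, OTHER)]
)

if __name__ == "__main__":
    for age in (DEFAULT_AGE_OUT, 900):
        traps = count_traps(FRAMES, age, secured_ports={3, 5})
        print(f"age-out {age:>4}s: {len(traps)} new node traps")
```

A device that is quiet for longer than the age-out time looks new again on every burst of traffic, so a trap receiver flooded by the same MAC points to an age-out time shorter than that device's idle interval.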

By default, New Node detection is disabled.

To enable or disable detection of a new node on the system, you must first set the security level on a port or group of ports to 1. Then, if it is not already enabled, you must enable New Node detection.

To set security level 1 on a port:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Select u to Set/Clear port security.

4. Type s to set security.

5. Type the numbers of the ports for which you want to set the security. You can specify a single port, a series of port numbers separated by commas, a range of ports shown with a hyphen, or a combination of ranges and single ports. For example, type 1-8, 14 to specify ports one through eight, and port fourteen. See Help for more information.

6. Type l for Port Security Level 1.
