Asante Technologies 3500 Series user manual Configuring Port Lock and Intruder Lock

Models: 3500 Series


To enable New Node detection:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu, as shown in Figure 4-5.

3. Type t to choose Toggle Port Security Trap.

4. Type l to toggle the new node trap (if it is not already enabled).

Configuring Port Lock and Intruder Lock

The port intruder security measure allows you to create a port-trusted MAC address that is the only station with full rights to direct traffic to the port. Attempts to send traffic to the port from other stations are regarded as security intrusions, and can be disallowed. The security measure may be enabled as a port lock (security level 2) or an intruder lock (security level 3).

Note: The three security levels are mutually exclusive; a port can have security level 1, level 2, or level 3, but never a combination of security levels.

To configure security level 2 or 3, you must specify the port-trusted MAC address. You can either specify the address directly, or direct the system to trust the address of the first station that addresses the port. By trusting the first station to address the port, you can configure port security before you know which system will ultimately use that port.

When security level 2 (port lock) is enabled and an intruder attempts to direct traffic to the port, the port is immediately disabled. The port can then be re-enabled only by clearing the security level through management.

When security level 3 (intruder lock) is enabled and an intruder attempts to direct traffic to the port, the switch locks out the intruder’s MAC address; the port will not accept any traffic from that station. The intruder’s address can then be re-enabled only by clearing the security level through management.

Important! If you set security level 2 or 3, you should also set the Intruder Trap. If you do not set this trap, you will not receive notification that the port has been disabled. See the “Setting the Intruder Trap” section below.

By default, security levels 2 and 3 are both disabled.

Configuring Security Level 2 or Level 3

To set security level 2 (port lock) or level 3 (intruder lock) on a port:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Use the commands at the bottom of the menu to navigate to the unit and port needed.

4. Select u to Set/Clear port security.

5. Type s to set security.

6. Type 2 to select Port Security with Port Lock, or 3 to select Port Security with Intruder Lock.

7. Type 1 to have the system trust the first station that addresses this port, or type 2 to enter a specific port-trusted MAC address. If you type 2, you are prompted to enter an address where the values are hexadecimal and separated by colons, as follows: xx:xx:xx:xx:xx:xx
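The difference between the two levels, and the effect of leaving the Intruder Trap unset, can be seen in a small model. This is an added illustration in Python, not Asante firmware or code from the manual; the class name, method names and sample addresses are assumptions made for the example.

```python
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")  # xx:xx:xx:xx:xx:xx

class SecuredPort:
    """Illustrative model of one port at security level 2 or 3 (hypothetical names)."""

    def __init__(self, level, trusted_mac=None, intruder_trap=False):
        if level not in (2, 3):
            raise ValueError("level must be 2 (port lock) or 3 (intruder lock)")
        if trusted_mac is not None and not MAC_RE.match(trusted_mac):
            raise ValueError("MAC address must be xx:xx:xx:xx:xx:xx in hexadecimal")
        self.level = level
        self.trusted = trusted_mac.lower() if trusted_mac else None  # None = trust first station
        self.intruder_trap = intruder_trap
        self.enabled = True      # level 2 disables the whole port on intrusion
        self.locked_out = set()  # level 3 locks out individual intruder addresses
        self.traps = []          # alerts that would reach the trap receiver

    def receive(self, src_mac):
        """Return True if traffic from src_mac is accepted on this port."""
        src = src_mac.lower()
        if not self.enabled or src in self.locked_out:
            return False         # stays blocked until management clears the security level
        if self.trusted is None:
            self.trusted = src   # first station to address the port becomes trusted
        if src == self.trusted:
            return True
        if self.level == 2:
            self.enabled = False
        else:
            self.locked_out.add(src)
        if self.intruder_trap:
            self.traps.append(src)
        return False

def demo():
    good, bad = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed sample addresses
    lock = SecuredPort(2, trusted_mac=good)     # port lock, Intruder Trap left unset
    intr = SecuredPort(3, intruder_trap=True)   # intruder lock, trust first station
    results = [lock.receive(good), lock.receive(bad), lock.receive(good),
               intr.receive(good), intr.receive(bad), intr.receive(good)]
    return results, lock.traps, intr.traps
```

In the model, the level 2 port stops serving even its trusted station after one intrusion and, with the trap unset, records no alert, while the level 3 port keeps serving the trusted station and reports the intruder's address.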

Setting the Intruder Trap

If you set security level 2 or 3, you should also ensure the Intruder Trap is set. Enabling this trap directs the system to send an alert to the designated trap receiver when an intruder tries to access the port. To set the intruder trap:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Type t to choose Toggle Port Security Trap.

4. Type 2 to toggle the new node trap (if it is not already enabled).
