By default, security levels 2 and 3 are both disabled.

Configuring Security Level 2 or Level 3

To set security level 2 (port lock) or level 3 (intruder lock) on a port:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Select o to Set/Clear port security.

4. Type s to set security and enter the port number(s).

5. Type 2 to select Port Security with Port Lock, or 3 to select Port Security with Intruder Lock.

6. Type 1 to have the system trust the first station that addresses this port, or type 2 to enter a specific port-trusted MAC address. If you type 2, the system prompts for the address, entered as hexadecimal values separated by colons, as follows: xx:xx:xx:xx:xx:xx

Setting the Intruder Trap

If the security level is set at 2 or 3, please ensure the Intruder Trap is set. Enabling this trap directs the system to send an alert to the designated trap receiver when an intruder tries to access the port. To set the intruder trap:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Type t to choose Toggle Port Security Trap.

4. Type 1 to toggle the new node trap (if it is not already enabled).

Inserting/Modifying a Port Trusted MAC Address

When port security level 2 or 3 has been set for a port, the manager must specify the port-trusted MAC address. The port-trusted MAC address for a port can be changed without completing all the steps to set the port security.

To add or change the port-trusted MAC address:

1. From the Configuration Menu, type t to access the Security Management Menu.

2. Type p to access the Port Security Configuration Menu.

3. Type i, and then follow the instructions on the screen.
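
The trusted-address prompts in "Configuring Security Level 2 or Level 3" and in this section accept only the xx:xx:xx:xx:xx:xx form. The Python below is an added example, not part of the Asante manual or firmware: it converts a port-to-MAC plan written in mixed notations into that form before the addresses are typed in, and sets aside entries that cannot identify a station. The sample plan is constructed, the function names are hypothetical, and flagging a MAC that appears on two ports is a policy choice of this example, not a documented switch rule.

```python
import re

# Constructed sample plan: (port, MAC as written in an inventory sheet).
SAMPLE_PLAN = [
    (1, "02-00-00-AB-CD-01"),
    (2, "0200.00ab.cd02"),
    (3, "01:00:5e:00:00:fb"),  # group (multicast) address
    (4, "02:00:00:ab:cd:0"),   # one hex digit short
    (5, "020000abcd01"),       # same station as port 1
]

# Notations accepted on input; each must be used consistently in one address.
_FORMS = [
    re.compile(r"[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"),
    re.compile(r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}"),
    re.compile(r"[0-9a-f]{12}"),
]

def normalize_mac(text):
    """Return text as xx:xx:xx:xx:xx:xx (lowercase) or raise ValueError."""
    raw = text.strip().lower()
    if not any(form.fullmatch(raw) for form in _FORMS):
        raise ValueError("not a 48-bit MAC address")
    digits = re.sub(r"[:.-]", "", raw)
    octets = [digits[i:i + 2] for i in range(0, 12, 2)]
    # The low bit of the first octet marks a group address; a station
    # never sends from one, so it cannot identify a trusted station.
    if int(octets[0], 16) & 1:
        raise ValueError("group (multicast/broadcast) address")
    return ":".join(octets)

def check_plan(plan):
    """Split a plan into {port: mac} to enter and [(port, text, reason)]."""
    accepted, problems, seen = {}, [], {}
    for port, text in plan:
        try:
            mac = normalize_mac(text)
        except ValueError as err:
            problems.append((port, text, str(err)))
            continue
        if mac in seen:
            problems.append((port, text, f"already trusted on port {seen[mac]}"))
            continue
        seen[mac] = port
        accepted[port] = mac
    return accepted, problems

if __name__ == "__main__":
    print(check_plan(SAMPLE_PLAN))
```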

Resetting Security to Defaults

To reset the security measures on the switch to the factory defaults, access the Security Management Menu by typing t in the Configuration Menu. Then type r to reset all of the security configurations to the factory-set defaults. These defaults and their meanings were discussed in the sections on each security measure, covered earlier in this chapter.

4.2.4 Port-based Network Access Control

IEEE 802.1X is a standard for port-based network access control, where the “port” can be either a physical port or a logical port that designates a point-to-point connection. The concept of 802.1X is to provide a standardized security authentication method for IEEE-based network technologies, including Local Area Networks (LANs) and Wireless LANs (WLANs).

Compared with technologies such as MAC filtering and Access Control Lists (ACLs), IEEE 802.1X is a new technology that provides scalability with minimal administration overhead. By authenticating user access at the network edge, network administrators can be assured that no unauthorized access will take place, and all of the user authentication can take place on a centralized authentication server.

Asante Technologies 35160 user manual Port-based Network Access Control, Configuring Security Level 2 or Level