GE ML1200 instruction manual Authorized Managers, Access, Removeall, Show ip-access

Models: ML1200



CHAPTER 6: ACCESS CONSIDERATIONS

When the switch detects an intrusion attempt on a port, it records the date and time stamp, the MAC address, the port on which the access was attempted, and the action taken by the ML1200 software. The event log lists the most recently detected security violation attempts. This provides a chronological record of all intrusions attempted on a specific port.

The event log records events as single-line entries listed in chronological order, and serves as a tool for isolating problems. Each event log entry is composed of four fields:

Severity - the level of severity (see below).

Date - date the event occurred on. See Date and Time on page 5–9 for information on setting the date and time on the switch.

Time - time the event occurred on. See Date and Time on page 5–9 for information on setting the date and time on the switch.

Log Description - description of event as detected by the switch.

Severity has one of the following values, and depending on the severity type, is assigned a severity level.

I (information, severity level 1) indicates routine events.

A (activity, severity level 2) indicates the activity on the switch.

D (debug, severity level 3) is reserved for GE Multilin internal diagnostic information.

C (critical, severity level 4) indicates that a severe switch error has occurred.

F (fatal, severity level 5) indicates that a service has behaved unexpectedly.

6.2.4 Authorized Managers

Just as port security allows and disallows specific MAC addresses from accessing a network, the ML1200 software can allow or block access to the switch from specific IP addresses or a range of IP addresses. The access command allows access to configuration mode:

access

The allow ip command allows specified services for specified IP addresses. IP addresses can be individual stations, a group of stations or subnets. The range is determined by the IP address and netmask settings.

allow ip=<ipaddress> mask=<netmask> service=<namelist>

The deny ip command denies access to specific IP addresses or a subnet. IP addresses can be individual stations, a group of stations or subnets. The range is determined by the IP address and netmask settings.

deny ip=<ipaddress> mask=<netmask> service=<namelist>

The remove ip command removes specific IP addresses or a subnet by eliminating the specified entry from the authorized manager list.

remove ip=<ipaddress> mask=<netmask>

The removeall command removes all authorized managers.

removeall

The show ip-access command displays a list of authorized managers.

show ip-access
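
The following Python script is an added example, not part of the GE manual. It reviews a planned authorized manager list written in the allow/deny syntax above, showing the range each ip/mask pair actually covers and where entries overlap. The sample entries, the service names (telnet, web, snmp), the comma separator in the service list and the 16-address threshold are assumptions made for illustration.

```python
import ipaddress
import re

# Syntax from the manual: allow|deny ip=<ipaddress> mask=<netmask> service=<namelist>
RULE = re.compile(r"^(allow|deny)\s+ip=(\S+)\s+mask=(\S+)\s+service=(\S+)$")

def parse_rule(line):
    """Return (action, ip, network, services) for one allow/deny command."""
    m = RULE.match(line.strip())
    if not m:
        raise ValueError(f"not an allow/deny command: {line!r}")
    action, ip, mask, services = m.groups()
    host_bits = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):  # a valid netmask is ones followed by zeros
        raise ValueError(f"non-contiguous netmask: {mask}")
    prefix = 32 - host_bits.bit_length()
    # strict=False drops host bits in ip=, giving the range the entry really covers
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return action, ip, network, services.split(",")  # comma separator is assumed

def audit(lines, max_addresses=16):
    """Flag allow entries wider than max_addresses and ip= values with host bits set."""
    findings = []
    for line in lines:
        action, ip, network, _ = parse_rule(line)
        if ipaddress.ip_address(ip) != network.network_address:
            findings.append((line, f"ip= has host bits set; entry covers {network}"))
        if action == "allow" and network.num_addresses > max_addresses:
            findings.append((line, f"allow covers {network.num_addresses} addresses"))
    return findings

def entries_matching(lines, address, service):
    """List every entry whose range contains address and whose list names service."""
    addr = ipaddress.ip_address(address)
    parsed = [(line, parse_rule(line)) for line in lines]
    return [line for line, (_, _, net, svcs) in parsed if addr in net and service in svcs]

# Constructed sample list (RFC 5737 documentation addresses; service names assumed)
SAMPLE = [
    "allow ip=192.0.2.10 mask=255.255.255.255 service=telnet,web",
    "allow ip=198.51.100.7 mask=255.255.255.0 service=snmp",
    "deny ip=198.51.100.128 mask=255.255.255.128 service=snmp",
]

if __name__ == "__main__":
    for line, note in audit(SAMPLE):
        print(f"{note}: {line}")
    # Both an allow and a deny entry cover this station; resolve the overlap before applying
    print(entries_matching(SAMPLE, "198.51.100.200", "snmp"))
```

The script reports overlapping allow and deny entries without choosing between them, because this page does not state which entry the switch applies when both match.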


MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL
