Asante Technologies 3524 Series User Manual


4.3.3 Configuring Port Security


To access the Port Security Configuration Menu, type t in the Configuration Menu to access the Security
Management Menu, then type p to access the Port Security Configuration Menu. A screen similar to the
following will appear:

IntraCore 3524 Port Security Configuration Menu Unit Type: [24-100TX/RJ45]
Unit: 01 Port: 01

Unit Port Security Info:
[+: Port Security Enabled, -: No Port Security, !: Port Disabled By Security]
Port Security Status: [01]-------- [09]-------- [17]-------- [25]--XXXXXX

Port Security Type: <none>
Port New Node Detect Trap Status: [Disabled]
Port Intruder Detect Trap Status: [Enabled]
Port Trusted MAC Address: [<none>]

<Cmd> <Description>
u Set/Clear Port Security
t Toggle Port Security Trap Enable/Disable
i Insert/Modify Port Trusted MAC Address
d Display Port Intruder Nodes
h Port Security Help
q Return to previous menu

Command>
Select U)nit Nex)t unit Prev) unit S)elect port N)ext port P)rev port


Configuring Port New Node Detection Trap

The port new node detection trap security measure (also called “port security trap”) ensures that when any
new device is connected to the secured port, an alert will be sent to the designated trap receiver. The new
device is detected when it is connected to the switch and its MAC address is recognized as one not present
in the current address table. The information shown in the alert is the new node’s MAC address and IP
address (if available) and the port to which they are connected.

Once a device has been connected and has generated traffic on the network, the trap will not be re-sent. If
the switch ages out the MAC address of a connected device from its forwarding database, new traffic from
that device will result in a new node trap being sent. The default age-out time is 300 seconds. You may
reduce the number of traps sent by lengthening the age-out time, as explained in “Setting the MAC Address
Age-Out Time” in Chapter 3.
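The interaction between the age-out time and repeat traps can be seen in a short simulation. This is an added example, not code from the manual or the switch firmware; the function name, the sample MAC addresses and the assumption that each frame from a known MAC refreshes its age timer (as in a standard learning bridge) are not from the original.

```python
# Simplified model of the new node trap and MAC age-out interaction.
# Assumption: a frame from a known MAC refreshes its age timer, as in a
# standard learning bridge; this is not the IntraCore firmware's code.

DEFAULT_AGE_OUT = 300  # seconds, the default stated in the manual


def new_node_traps(frames, age_out=DEFAULT_AGE_OUT):
    """Return the (time, port, mac) events that would raise a new node trap.

    frames: iterable of (time_seconds, port, mac) sorted by time.
    """
    last_seen = {}  # mac -> time of the most recent frame
    traps = []
    for t, port, mac in frames:
        seen = last_seen.get(mac)
        # Unknown MAC, or entry already aged out of the address table.
        if seen is None or t - seen > age_out:
            traps.append((t, port, mac))
        last_seen[mac] = t
    return traps


# Constructed sample traffic: (seconds, port, source MAC).
SAMPLE_FRAMES = [
    (0,    1, "00:00:5e:00:53:01"),  # first frame: trap
    (120,  1, "00:00:5e:00:53:01"),  # still in table: no trap
    (500,  1, "00:00:5e:00:53:01"),  # silent 380 s > 300 s: trap again
    (510,  2, "00:00:5e:00:53:02"),  # different device: trap
    (1300, 1, "00:00:5e:00:53:01"),  # silent 800 s: trap again
]

if __name__ == "__main__":
    for age in (DEFAULT_AGE_OUT, 900):
        traps = new_node_traps(SAMPLE_FRAMES, age_out=age)
        print(f"age-out {age:>4}s -> {len(traps)} trap(s)")
        for t, port, mac in traps:
            print(f"  t={t:>5}s port {port} new node {mac}")
```

With the constructed traffic, lengthening the age-out time from 300 to 900 seconds removes the repeat traps for the intermittently silent device, leaving one trap per device.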

By default, New Node detection is disabled.

To enable or disable detection of a new node on the system, you must first set the security level on a port or
group of ports to 1. Then, if it is not already enabled, you must enable New Node detection.

To set security level 1 on a port:

1. From the Configuration Menu, type t to access the Security Management Menu.
2. Type p to access the Port Security Configuration Menu.
3. Select u to Set/Clear port security.
4. Type s to set security.
5. Type the numbers of the ports for which you want to set the security. You can specify a single port, a series of port numbers separated by commas, a range of ports shown with a hyphen, or a combination of ranges and single ports. For example, type 1-8, 14 to specify ports one through eight, and port fourteen. See Help for more information.
6. Type l for Port Security Level 1.
