Asante Technologies 35160 Switch User Manual


 
By default, security levels 2 and 3 are both disabled.
Configuring Security Level 2 or Level 3
To set security level 2 (port lock) or level 3 (intruder lock) on a port:
1. From the Configuration Menu, type t to access the Security Management Menu.
2. Type p to access the Port Security Configuration Menu.
3. Select o to Set/Clear port security.
4. Type s to set security and enter the port number(s).
5. Type 2 to select Port Security with Port Lock, or 3 to select Port Security with Intruder Lock.
6. Type 1 to have the system trust the first station that addresses this port, or type 2 to enter a specific
port-trusted MAC address. If you type 2, you are prompted to enter the address as hexadecimal values
separated by colons, as follows: xx:xx:xx:xx:xx:xx
Setting the Intruder Trap
If the security level is set at 2 or 3, please ensure the Intruder Trap is set. Enabling this trap directs the
system to send an alert to the designated trap receiver when an intruder tries to access the port. To set the
intruder trap:
1. From the Configuration Menu, type t to access the Security Management Menu.
2. Type p to access the Port Security Configuration Menu.
3. Type t to choose Toggle Port Security Trap.
4. Type 1 to toggle the new node trap (if it is not already enabled).
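The following added example (Python, not taken from the manual or from Asante firmware) models the two trusted-station choices in step 6 above and the effect of the intruder trap on reporting. The class SecuredPort, the function names and the sample addresses are hypothetical, and what the switch does to the port at level 2 versus level 3 is not modelled.

```python
import re

# Format the manual gives for a port-trusted address: xx:xx:xx:xx:xx:xx
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def normalize_mac(text):
    """Return the address in lower case, or raise ValueError if malformed."""
    text = text.strip()
    if not MAC_RE.match(text):
        raise ValueError(f"not in xx:xx:xx:xx:xx:xx form: {text!r}")
    return text.lower()

class SecuredPort:
    """Hypothetical model of one port with a port-trusted MAC address."""

    def __init__(self, trusted_mac=None, trap_enabled=False):
        # trusted_mac=None models option 1 (trust the first station seen);
        # a string models option 2 (address entered by the manager).
        self.trusted = normalize_mac(trusted_mac) if trusted_mac else None
        self.trap_enabled = trap_enabled
        self.traps = []  # alerts that would go to the trap receiver

    def frame_from(self, src_mac):
        """Return True if the source is the trusted station, else False."""
        src = normalize_mac(src_mac)
        if self.trusted is None:
            self.trusted = src  # the first station becomes the trusted one
            return True
        if src == self.trusted:
            return True
        if self.trap_enabled:
            self.traps.append(src)  # intruder reported only if trap is on
        return False

def replay(port, sources):
    """Feed a list of source addresses to the port; return each decision."""
    return [port.frame_from(s) for s in sources]

# Constructed sample traffic (not captured from a real switch)
SAMPLE = ["02:00:00:00:00:0a", "02:00:00:00:00:0A", "02:00:00:00:00:99"]

if __name__ == "__main__":
    learned = SecuredPort(trap_enabled=True)
    print(replay(learned, SAMPLE), learned.trusted, learned.traps)
    static = SecuredPort("02:00:00:00:00:01", trap_enabled=False)
    print(replay(static, SAMPLE), static.traps)
```

With option 1 the port trusts whichever station transmits first, so the learned address is worth checking against the expected device. With the trap disabled, untrusted sources are rejected in this model but nothing reaches the trap receiver.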
Inserting/Modifying a Port Trusted MAC Address
When port security level 2 or 3 has been set for a port, the manager must specify the port-trusted MAC
address. The port-trusted MAC address for a port can be changed without completing all the steps to set
the port security.
To add or change the port-trusted MAC address:
1. From the Configuration Menu, type t to access the Security Management Menu.
2. Type p to access the Port Security Configuration Menu.
3. Type i, and then follow the instructions on the screen.
Resetting Security to Defaults
To reset the security measures on the switch to the factory defaults, access the Security Management Menu
by typing t in the Configuration Menu. Then type r to reset all of the security configurations to the factory-set
defaults. These defaults and their meanings were discussed in the sections on each security measure,
covered earlier in this chapter.
4.2.4 Port-based Network Access Control
IEEE 802.1X is a standard used for port-based network access control, where the “port” can be either a
physical port or a logical port by which a point-to-point connection is designated. The concept of 802.1X is to
provide a standardized security authentication method for IEEE-based network technologies, including Local
Area Networks (LANs) and Wireless LANs (WLANs).
Compared with technologies such as MAC filtering and Access Control Lists (ACLs), IEEE 802.1X is a new
technology that provides scalability with minimal administration overhead. By authenticating user access at
the network edge, network administrators can be assured that no unauthorized access will take place, and
all of the user authentication can take place on a centralized authentication server.