Asante Technologies 8000 Switch User Manual


 
Advanced Management
Page 4-14
Table 4-4 Port Security Configuration Settings
Configuring Port New Node Detection Trap
The port new node detection trap security measure (also called “port security
trap”) ensures that when any new device is connected to the secured port, an
alert will be sent to the designated trap receiver. The new device is detected
when it is connected to the IntraCore 8000 and its MAC address is
recognized as one not present in the current address table. The information
shown in the alert is the new node’s MAC address and IP address (if
available) and the port to which the node is connected.
Once a device has been connected and has generated traffic on the network,
the trap will not be re-sent. If the switch ages out the MAC address of a
connected device from its forwarding database, new traffic from that device
will result in a new node trap being sent. The default age-out time is 300
seconds. You may reduce the number of traps sent by lengthening the age-
out time, as explained in “Setting the MAC Address Age-Out Time” in
Chapter 3.
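
The effect of the age-out time on trap volume can be checked with a small model. This is an added example, not code from the manual or from Asante; the SwitchModel class, the sample traffic and the rule that each frame restarts an address's age timer are assumptions made for illustration.

```python
# Added illustration: a simplified model of the new node trap logic described
# above. It is not Asante firmware. Assumption: the age timer of an address
# restarts whenever a frame from that address is seen.
from dataclasses import dataclass, field

DEFAULT_AGE_OUT = 300  # seconds, the default age-out time stated in the manual


@dataclass
class SwitchModel:
    age_out: int = DEFAULT_AGE_OUT
    secured_ports: set = field(default_factory=set)   # ports at security level 1
    detection_enabled: bool = False                   # disabled by default
    table: dict = field(default_factory=dict)         # MAC -> time last seen
    traps: list = field(default_factory=list)         # (time, port, MAC) sent

    def frame(self, t, port, mac):
        """Process one frame seen at time t (seconds) from mac on port."""
        last_seen = self.table.get(mac)
        aged_out = last_seen is not None and t - last_seen >= self.age_out
        is_new = last_seen is None or aged_out
        if is_new and self.detection_enabled and port in self.secured_ports:
            self.traps.append((t, port, mac))
        self.table[mac] = t  # learn the address or refresh its age timer


def count_traps(events, age_out):
    """Replay events through a switch with port 3 secured; return trap list."""
    sw = SwitchModel(age_out=age_out, secured_ports={3}, detection_enabled=True)
    for t, port, mac in events:
        sw.frame(t, port, mac)
    return sw.traps


# Constructed sample traffic: (seconds, port, MAC). The device on port 3 is
# quiet for 400 s and then 500 s; the host on port 5 is on an unsecured port.
EVENTS = [
    (0,   3, "00:00:5e:00:53:01"),
    (10,  3, "00:00:5e:00:53:01"),
    (20,  5, "00:00:5e:00:53:02"),
    (410, 3, "00:00:5e:00:53:01"),
    (910, 3, "00:00:5e:00:53:01"),
    (920, 3, "00:00:5e:00:53:03"),
]

if __name__ == "__main__":
    for age in (DEFAULT_AGE_OUT, 450, 600):
        print(age, count_traps(EVENTS, age))
```

With the constructed traffic, a device that falls silent for longer than the age-out time is reported again when it resumes, which is why a longer age-out time produces fewer repeat traps for the same device.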
By default, New Node detection is disabled.
To enable or disable detection of a new node on the system, you must first
set the security level on a port or group of ports to 1. Then, if it is not already
enabled, you must enable New Node detection.
To set security level 1 on a port:
Setting                            Description
Port Security Type                 Level of port security enabled. There are three levels of
                                   security:
                                   • New node detection trap (security level 1)
                                   • Trusted MAC address forwarding with port lock
                                     (security level 2)
                                   • Trusted MAC address forwarding with intruder lock
                                     (security level 3)
Port New Node Detect Trap Status   Whether port new node detect trap is currently enabled or
                                   disabled.
Port Intruder Detect Trap Status   Whether port intruder detect trap is currently enabled or
                                   disabled.
Port Trusted MAC Address           MAC address currently specified as the port trusted MAC.