Open as PDF
6–10 MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL
ACCESS CONSIDERATIONS CHAPTER 6: ACCESS CONSIDERATIONS
When the switch detects an intrusion attempt on a port, it records the date and time
stamp, the MAC address, the port on which the access was attempted and the action
taken by ML1200 software. The event log lists the most recently detected security violation
attempts. This provides a chronological entry of all intrusions attempted on a specific port.
The event log records events as single-line entries listed in chronological order, and serves
as a tool for isolating problems. Each event log entry is composed of four fields
• Severity - the level of severity (see below).
• Date - date the event occurred on. See Date and Time on page 5–9 for information
on setting the date and time on the switch.
• Time - time the event occurred on. See Date and Time on page 5–9 for information
on setting the date and time on the switch
• Log Description - description of event as detected by the switch
Severity has one of the following values, and depending on the severity type, is assigned a
I (information, severity level 1) indicates routine events.
A (activity, severity level 2) indicates the activity on the switch.
D (debug, severity level 3) is reserved for GE Multilin internal diagnostic information
C (critical, severity level 4) indicates that a severe switch error has occurred.
F (fatal, severity level 5) indicates that a service has behaved unexpectedly.
6.2.4 Authorized Managers
Just as port security allows and disallows specific MAC addresses from accessing a
network, the ML1200 software can allow or block specific IP addresses or a range of IP
addresses to access the switch. The
access command allows access to configuration
allow ip command allows specified services for specified IP addresses. IP addresses
can be individual stations, a group of stations or subnets. The range is determined by the IP
address and netmask settings.
allow ip=<ipaddress> mask=<netmask> service=<name|list>
deny ip command denies access to a specific IP address(es) or a subnet. IP
addresses can be individual stations, a group of stations or subnets. The range is
determined by the IP address and netmask settings.
deny ip=<ipaddress> mask=<netmask> service=<name|list>
remove ip command removes specific IP address(es) or subnet by eliminating
specified entry from the authorized manager list.
remove ip=<ipaddress> mask=<netmask>
removeall command removes all authorized managers.
show ip-access command displays a list of authorized managers