GE ML2400 Switch User Manual


 
6–10 MULTILINK ML2400 ETHERNET COMMUNICATIONS SWITCH – INSTRUCTION MANUAL
ACCESS CONSIDERATIONS CHAPTER 6: ACCESS CONSIDERATIONS
When the switch detects an intrusion attempt on a port, it records the date and time
stamp, the MAC address, the port on which the access was attempted and the action
taken by ML2400 software. The event log lists the most recently detected security violation
attempts. This provides a chronological entry of all intrusions attempted on a specific port.
The event log records events as single-line entries listed in chronological order, and serves
as a tool for isolating problems. Each event log entry is composed of four fields
Severity - the level of severity (see below).
Date - date the event occurred on. See Date and Time on page 5–9 for information
on setting the date and time on the switch.
Time - time the event occurred on. See Date and Time on page 5–9 for information
on setting the date and time on the switch
Log Description - description of event as detected by the switch
Severity has one of the following values, and depending on the severity type, is assigned a
severity level.
I (information, severity level 1) indicates routine events.
A (activity, severity level 2) indicates the activity on the switch.
D (debug, severity level 3) is reserved for GE Multilin internal diagnostic information
C (critical, severity level 4) indicates that a severe switch error has occurred.
F (fatal, severity level 5) indicates that a service has behaved unexpectedly.
6.2.3 Authorized Managers
Just as port security allows and disallows specific MAC addresses from accessing a
network, the ML2400 software can allow or block specific IP addresses or a range of IP
addresses to access the switch. The
access command allows access to configuration
mode:
access
The
allow ip command allows specified services for specified IP addresses. IP addresses
can be individual stations, a group of stations or subnets. The range is determined by the IP
address and netmask settings.
allow ip=<ipaddress> mask=<netmask> service=<name|list>
The
deny ip command denies access to a specific IP address(es) or a subnet. IP
addresses can be individual stations, a group of stations or subnets. The range is
determined by the IP address and netmask settings.
deny ip=<ipaddress> mask=<netmask> service=<name|list>
The
remove ip command removes specific IP address(es) or subnet by eliminating
specified entry from the authorized manager list.
remove ip=<ipaddress> mask=<netmask>
The
removeall command removes all authorized managers.
removeall
The
show ip-access command displays a list of authorized managers
show ip-access