IBM 8260 Switch User Manual


 
wish the station shown in Figure 78 for this port to be able to access our
network. The following command was used to delete this entry:
8260A> set security address_table address 10-00-5a-82-59-32 delete
c. Once you are satisfied that the network address table contains all the
desired entries, you can save this table on the non-volatile RAM of the
E-SEC module using the following command:
8260A> save security address_table
4. Enable port jamming on each port using the following example:
8260A> set security port 2.15 jamming enable
Port jamming lets you prevent intruders from accessing the network
by jamming the frames that originate from an intruder. It also lets you
prevent eavesdropping on those ports.
Note: Port jamming is enabled by default on all the ports.
5. If you are planning to perform eavesdropping protection, you must enable
this option for the network using the following example:
8260A> set security network ethernet_3 eavesdrop_protection enable
This command prevents all the ports for which you have enabled port
jamming from using tracing tools to listen to the network traffic.
Note: When eavesdropping protection is enabled, all the ports will still be
able to receive broadcast messages.
6. For each port on which you plan to perform intruder checking, you must
perform the following steps:
a. Enable source address checking for the network using the following
example:
8260A> set security network ethernet_3 source_address_checking enable
This option enables the security card to check the source address in the
packets against the contents of the network security address table.
b. Enable source port checking for the network using the following example:
8260A> set security network ethernet_3 source_port_checking enable
This option enables the security card to check the source port of the
packets against the contents of the network security address table.
c. Use the following example to enable intruder checking:
8260A> set security port 2.15 intruder_checking enable
When you enable intruder checking for a port, the E-SEC card checks
each packet's source MAC address against the entries in the network
security address table. If the source address does not match one of the
authorized stations on that port, the packet is treated as an intruder
packet. For intruder packets, the E-SEC module will take one or more of
the actions that are specified in the next steps.
Note: The above parameters allow you to check either the source address of
the packet alone, or both the source address and the port of the packet,
against the contents of the network security address table. If you enable
source address checking but not source port checking, a packet is regarded
as authorized as long as its source MAC address is found in the network
security address table, regardless of the port on which it is received.
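
The difference described in the note above, shown as an added example: a Python model written for this page, not IBM's E-SEC code. Port 2.16, the 02-... station address, the one-table-of-(port, MAC)-pairs layout and the rule that nothing is checked unless intruder checking and source address checking are both enabled are assumptions.

```python
# Added example: a model of the checks described above, not E-SEC firmware.
from dataclasses import dataclass, field

@dataclass
class NetworkSecurity:
    address_table: set                      # {(port, mac)} authorized pairs (assumed layout)
    source_address_checking: bool = False
    source_port_checking: bool = False
    intruder_checking_ports: set = field(default_factory=set)

def norm(mac):
    return mac.strip().lower().replace(":", "-")

def classify(cfg, port, src_mac):
    """Return 'unchecked', 'authorized' or 'intruder' for one frame."""
    # Assumption: nothing is checked unless intruder checking is enabled on
    # the ingress port and source address checking is enabled on the network.
    if port not in cfg.intruder_checking_ports or not cfg.source_address_checking:
        return "unchecked"
    mac = norm(src_mac)
    if cfg.source_port_checking:
        # Address and port must both match a table entry.
        ok = (port, mac) in cfg.address_table
    else:
        # Address only: the MAC is accepted whichever port it arrives on.
        ok = any(m == mac for _, m in cfg.address_table)
    return "authorized" if ok else "intruder"

def port_check_gap(cfg, frames):
    """Frames accepted with address checking alone but flagged once port checking is on."""
    loose = NetworkSecurity(cfg.address_table, True, False, cfg.intruder_checking_ports)
    strict = NetworkSecurity(cfg.address_table, True, True, cfg.intruder_checking_ports)
    return [f for f in frames
            if classify(loose, *f) == "authorized" and classify(strict, *f) == "intruder"]

# Constructed sample data: port 2.16 and the 02-... address are made up.
TABLE = {("2.15", "02-00-00-00-00-01")}
FRAMES = [
    ("2.15", "02-00-00-00-00-01"),   # authorized station on its own port
    ("2.16", "02-00-00-00-00-01"),   # same MAC seen on a different port
    ("2.15", "10-00-5A-82-59-32"),   # address deleted from the table earlier
]
CFG = NetworkSecurity(TABLE, True, False, {"2.15", "2.16"})

if __name__ == "__main__":
    for f in FRAMES:
        print(f, classify(CFG, *f))
    print("accepted only because port checking is off:", port_check_gap(CFG, FRAMES))
```

The frame on port 2.16 is the case the note describes: it is accepted with source address checking alone and is flagged only once source port checking is also enabled.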
126 8260 Multiprotocol Intelligent Switching Hub