IBM 8260 Switch User Manual


 
7. The following actions can be performed by the E-SEC card in case of intruder
detection:
a. Report intrusions by logging information about the intrusion in the
intruder table. To enable intruder reporting, you must issue the following
command:
8260A> set security network ethernet_3 intruder_reporting enable
Note: When you enable intruder reporting only, the intruder will still be
able to send data on the network, but an entry will be logged in the
intruder table to report the intrusion. You can look at the contents of the
intruder table using the following command:
8260A> show security intruder_table chronological
An example of the resulting display is shown in Figure 79.
8260A> show security intruder_table
Enter sort by:
8260A> show security intruder_table chronological
Security Intruder Table
Port   Mac Address        Network     Attempts  Time Since Intrusion
----   -----------        -------     --------  --------------------
02.16  10-00-5a-82-5a-6a  ETHERNET_3  19        0d 21h 15m 43s
02.15  10-00-5a-d4-b0-8c  ETHERNET_3  2         0d 21h 28m 10s
8260A>
Figure 79. Ethernet Security Intruder Table
Note: The intruder table is stored by DMM but not in non-volatile RAM.
Therefore, the contents of the intruder table will be lost after a reset of
DMM.
b. Jam intruder packets. To enable intruder jamming, you must issue the
following command:
8260A> set security network ethernet_3 intruder_jamming enable
Note: This option jams any packets sent by intruders, but the intruder
is still allowed to attempt to send packets on the network.
c. Disable ports on which an intruder is detected, using the following
command:
8260A> set security network ethernet_3 intruder_port_disabling enable
As a result of this option, any port on which an intruder is detected will
be disabled automatically, so the intruder will not be allowed to send any
other packets on the network.
To enable transmission of data on the disabled ports, the network
administrator must enable the port using DMM commands.
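
Because the intruder table is held only in DMM volatile memory (step 7a), a DMM reset erases the record of which stations were reported. The following is an added example, not part of the IBM manual: it parses a captured intruder table display into records with absolute timestamps so they can be logged elsewhere, and compares two captures. The function names, the way the console text is captured and the capture time are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# One data row, e.g. "02.16 10-00-5a-82-5a-6a ETHERNET_3 19 0d 21h 15m 43s"
ROW = re.compile(
    r"^\s*(?P<port>\d+\.\d+)\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<network>\S+)\s+(?P<attempts>\d+)\s+"
    r"(?P<d>\d+)d\s+(?P<h>\d+)h\s+(?P<m>\d+)m\s+(?P<s>\d+)s\s*$"
)

def parse_intruder_table(text, captured_at):
    """Return one dict per intruder row; prompts, headers and rules are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m is None:
            continue
        age = timedelta(days=int(m["d"]), hours=int(m["h"]),
                        minutes=int(m["m"]), seconds=int(m["s"]))
        entries.append({
            "port": m["port"],
            "mac": m["mac"].lower().replace("-", ":"),
            "network": m["network"],
            "attempts": int(m["attempts"]),
            # The display gives only a relative age; anchor it to capture time.
            "intrusion_time": captured_at - age,
        })
    return entries

def changed_since(previous, current):
    """Rows that are new, or whose attempt count differs from the last capture.
    Assumption: a lower count means the table was cleared (DMM reset) and refilled."""
    seen = {(e["port"], e["mac"]): e["attempts"] for e in previous}
    return [e for e in current if seen.get((e["port"], e["mac"])) != e["attempts"]]

# Console text as shown in Figure 79 (the capture time below is constructed).
FIGURE_79 = """\
8260A> show security intruder_table chronological
Security Intruder Table
Port Mac Address Network Attempts Time Since Intrusion
---- ----------- ------- -------- -------------------
02.16 10-00-5a-82-5a-6a ETHERNET_3 19 0d 21h 15m 43s
02.15 10-00-5a-d4-b0-8c ETHERNET_3 2 0d 21h 28m 10s
8260A>
"""

if __name__ == "__main__":
    now = datetime(2024, 1, 2, tzinfo=timezone.utc)  # constructed capture time
    for e in parse_intruder_table(FIGURE_79, now):
        print(e["intrusion_time"].isoformat(), e["port"], e["mac"], e["attempts"])
```
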
8. You may enable failsafe for individual ports attached to a secure network.
This parameter instructs the media modules connected to a secure network
to expect a security message from the E-SEC card for each transmitted
packet. If a security message is not transmitted to the media module, the
media module will automatically jam the ports for which the failsafe feature