Support User Manuals

IBM 8260 Switch User Manual

Open as PDF

of 354

7. The following actions can be performed by the E-SEC card in case of intruder

detection:

a. Report intrusions by logging information about the intrusion in the

intruder table. To enable intruder reporting, you must issue the following

command:

8260A> set security network ethernet_3 intruder_reporting enable

Note: When you enable intruder reporting only, the intruder will still be

able to send data on the network, but an entry will be logged in the

intruder table to report the intrusion. You can look at the contents of the

intruder table using the following command:

8260A> show security intruder_table chronological

An example of the resulting display is shown in Figure 79.

 

8260A> show security intruder_table

Enter sort by:

8260A> show security intruder_table chronological

Security Intruder Table

Port Mac Address Network Attempts Time Since Intrusion

---- ----------- ------- -------- -------------------

02.16 10-00-5a-82-5a-6a ETHERNET_3 19 0d 21h 15m 43s

02.15 10-00-5a-d4-b0-8c ETHERNET_3 2 0d 21h 28m 10s

8260A>

 

Figure 79. Ethernet Security Intruder Table

Note: The intruder table is stored by DMM but not in non-volatile RAM.

Therefore, the contents of the intruder table will be lost after a reset of

DMM.

b. Jam intruder packets by issuing the following commands in the intruder

table. To enable intruder jamming, you must issue the following

command:

8260A> set security network ethernet_3 intruder_jamming enable

Note: This option will jam any packets sent by the intruders. But, the

intruder will still be allowed to attempt to send packets on the network.

c. Disable ports on which an intruder is detected using the following

example:

8260A> set security network ethernet_3 intruder_port_disabling enable

As a result of this option, any port on which an intruder is detected will

be disabled automatically, so the intruder will not be allowed to send any

other packets on the network.

To enable transmission of data on the disabled ports, the network

administrator must enable the port using DMM commands.

8. You may enable

failsafe

for individual ports attached to a secure network.

This parameter instructs the media modules connected to a secure network

to expect a security message from the E-SEC card for each transmitted

packet. If a security message is not transmitted to the media module, the

media module will automatically jam the ports for which the failsafe feature

Chapter 7. 8260 Ethernet Modules 127

previous next