3 - 20 ONline Ethernet Management Module Installation and Operation Guide
Configuring Address-to-Port Security
The Advanced EMM provides address-to-port secu rity which enables you to
assign a maximum of four MAC Addresses to individual ports in your
network. This allows the EMM to detect a change in the MAC Address of a
station connected to a port whenever a different device is connected to
that port. When a master EMM detects such an address change, it disables
the port to preserve network security, and sends a trap to all stations with
trap or all access in its community table.
A slave EMM (Advanced) can also detect a change in a port's MAC address.
The slave EMM will send a trap to all stations in its community table,
however, it cannot disable the port. Once you are alerted to the trap
(displayed on the EMM console or workstation), you must issue the SET
PORT MODE DISABLE command to disable the port.
Once you have determined and rectified the intruding station, you must
issue the SET PORT MODE ENABLE command to re-enable the port.
Note: All versions of the EMM (i.e., Starter, Basic, Advanced) are
capable of managing the ONline 10BASE-T Security Module.
However, only the Advanced EMM supports management
security features. Therefore, when you use a Starter or
Basic EMM to issue a security command using the 'all'
option, the EMM scans the concentrator for Security
Modules and initiates the command on Security modules
only.
When you use an Advanced EMM to issue a security command
using the 'all' option, the EMM will initiate the command on all
Ethernet modules that support security.