Port Access Control - Hirschmann MACH 4000 User Manual

Protection from unauthorized access

6.4 Port access control

6.4.1 Port access control
The Switch protects every port from unauthorized access. Depending on
your selection, the Switch checks the MAC address or the IP address of the
connected device. The following functions are available for monitoring every
individual port:
Who has access to this port?
The Switch recognizes 2 classes of access control:
All:
– no access restriction.
– MAC address 00:00:00:00:00:00 or
– IP address 0.0.0.0.
User:
– only one assigned user has access.
– you define the user via his/her MAC or IP address.
What should happen after an unauthorized access attempt?
The Switch can respond in three selectable ways to an unauthorized ac-
cess attempt:
non: no response
trapOnly: message by sending a trap
portDisable:message by sending a trap and disabling the port
Note: Since the Switch is a layer 2 device, it translates the IP addresses en-
tered into MAC addresses. For this, exactly one IP address must be assigned
to a MAC address.
Please keep in mind that when using a router, for example, several IP ad-
dresses can be assigned to one MAC address, namely that of the router. This
means that all packets of the router will pass the port unchecked if the per-
mitted IP address is that of the router.
If a connected device sends packets with other MAC addresses and a per-
mitted IP address, the switch will disable the port.
Basic - L3P
Release 4.0 11/07
6.4 Port access control
11