your EPICenter server is installed. You can configure the Diff Viewer using the Setup Viewers
command from the Options submenu of the Config menu or the right-click pop-up menu in the
Configuration Manager.
See Chapter 6, "Managing Network Device Configurations and Updates" for more information on using
these features of the Configuration Manager.
MAC Address Finder
You may need to track down a specific host on your enterprise network. This host may be involved in
malicious activity, be a compromised source for virus infections, be using excessive bandwidth, or have
network problems. EPICenter provides the IP/MAC Address Finder tool to locate any MAC address on
your network.
EPICenter provides two ways to find a MAC address in your enterprise network.
If you have MAC Address Polling enabled, you can use a database search that searches the MAC FDB
information learned by EPICenter's MAC Address Poller. The MAC Address Poller maintains a
database on the EPICenter server of all MAC addresses associated with edge ports. An edge port is
identified by the absence of Extreme Discovery Protocol (EDP) packets on a port. You can additionally
disable MAC Address Polling on specific ports and switches. This is useful for disabling polling on
trunk ports on third-party switches that do not use EDP.
The MAC Address Poller determines the set of MAC addresses on the edge ports via the FDB database on
the switch. It also keeps track of the IP address(es) associated with the MAC address using the IP ARP
cache on the switch. The database search is faster than the network search, although the database may
be less up to date, as a full MAC address poll cycle can take a reasonably long time. However, if you
want to identify the switch port where the host is connecting to the network, then a database search has
the advantage of automatically ignoring trunk ports.
EPICenter also provides a full network search to search the forwarding database (FDB) and IP ARP
cache on selected switches. A network search has the advantage of searching the most up to date source
of data. Also, it supports searches on third-party devices and on trunk ports, which transmit Extreme
Discovery Protocol (EDP) packets. The network search is slower because it must contact each switch
directly. It also does not always report the correct IP address associated with a MAC address / VLAN
port when the MAC address is mapped to multiple IP addresses on the switch.
If you want to determine how a MAC address is propagating through the network aggregation layer,
then a network search should be used.
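The following sketch is an added example, not EPICenter code. It shows the correlation the two search modes rely on: FDB entries give the switch port, the IP ARP cache gives the IP address(es), and a port on which EDP was heard is treated as a trunk. The switch names, addresses, data layout and function names are all constructed for illustration.

```python
import re

# Constructed sample data standing in for what polling each switch would return.
FDB = {  # switch -> [(mac, vlan, port)]
    "edge-sw1": [("00:0D:60:AA:10:02", "users", "7"), ("00:04:96:1F:A8:3C", "users", "5")],
    "core-sw1": [("000d.60aa.1002", "users", "2:1"), ("00-04-96-1f-a8-3c", "users", "2:1")],
    "edge-sw2": [("00:0d:60:aa:10:02", "users", "24")],
}
ARP = {  # switch -> [(ip, mac)]
    "core-sw1": [("10.1.20.57", "00:0d:60:aa:10:02"), ("10.1.20.58", "00:0d:60:aa:10:02"),
                 ("10.1.20.12", "00:04:96:1f:a8:3c")],
}
# Ports on which EDP packets were heard; any other port is treated as an edge port.
EDP_PORTS = {"edge-sw1": {"24"}, "core-sw1": {"2:1", "2:2"}, "edge-sw2": {"24"}}


def norm_mac(mac):
    """Canonicalise a MAC written with ':', '-' or '.' separators."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_mac(mac, include_trunks=False):
    """Return sorted [(switch, port, vlan, kind, ips)] for FDB entries matching mac.

    include_trunks=False mimics the database search (edge ports only);
    include_trunks=True mimics the network search (every port that learned
    the MAC, which shows how it propagates through the aggregation layer).
    """
    target = norm_mac(mac)
    # Report every IP the ARP caches map to this MAC rather than picking one.
    ips = sorted({ip for rows in ARP.values() for ip, m in rows if norm_mac(m) == target})
    hits = []
    for switch, rows in FDB.items():
        for m, vlan, port in rows:
            if norm_mac(m) != target:
                continue
            kind = "trunk" if port in EDP_PORTS.get(switch, set()) else "edge"
            if kind == "edge" or include_trunks:
                hits.append((switch, port, vlan, kind, ips))
    return sorted(hits)


if __name__ == "__main__":
    for trunks in (False, True):
        print(trunks, find_mac("00-0D-60-AA-10-02", include_trunks=trunks))
```

With trunk ports excluded, the only hit is the port where the host attaches; with trunk ports included, the same MAC also appears on the uplinks that carry its traffic.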
Using Alarms to Monitor Potential Security Issues
The EPICenter Alarm Manager allows you to create custom alarm conditions on any supported MIB
object known to EPICenter. Using the Alarm Manager, you can set up alarms for alerting you to critical
security problems within your network. An example of this would be creating an alarm to notify you of
a potential Denial of Service (DoS) attack.
A DoS attack occurs when a critical network or computing resource is overwhelmed so that legitimate
requests for service cannot succeed. In its simplest form, a DoS attack is indistinguishable from normal
heavy traffic. Extreme Networks switches are not vulnerable to this simple attack because they are
designed to process packets in hardware at wire speed. However, there are some operations in any
EPICenter Concepts and Solutions Guide