To configure the Switch’s Safeguard Engine, change the State to Enabled when the Safeguard Engine is enabled a
green light will show on the gray bar at the top of this window, next to Safeguard. To set the Safeguard Engine for the
Switch, complete the following fields:
Parameter Description
Rising Threshold
Used to configure the acceptable level of CPU utilization before the Safeguard Engine
mechanism is enabled. Once the CPU utilization reaches this percentage level, the Switch
will move into the Exhausted state.
Falling Threshold
Used to configure the acceptable level of CPU utilization as a percentage, where the Switch
leaves the Exhausted state and returns to normal mode.
Trap/log
Use the pull-down menu to enable or disable the sending of messages to the device’s SNMP
agent and switch log once the Safeguard Engine has been activated by a high CPU utilization
rate.
Mode Toggle the State field to either Strict or Fuzzy for the Safeguard Engine of the Switch.
Click Apply to implement the settings made.
Trusted Host
Use the Security IP Management to permit remote stations to manage the Switch. If you choose to define one or more
designated management stations, only the chosen stations, as defined by IP address, will be allowed management
privilege through the web manager or Telnet session. To define a management station IP setting, type in the IP
address with a proper subnet mask and click the Add button.
To view this window click Security > Trusted Host
Figure 6 - 3 Trusted Host window
To delete an entry click the corresponding Delete button.
IP-MAC-Port Binding
The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these
two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC
binding is to restrict the access to a switch to a number of authorized users. Only the authorized client can access the
Switch’s port by checking the pair of IP-MAC addresses with the pre-configured database. If an unauthorized user
tries to access an IP-MAC binding enabled port, the system will block the access by dropping its packet. The
maximum number of IP-MAC binding entries is dependant on chip capability (e.g. the ARP table size) and storage
size of the device. For the xStack
®
DES-3528/DES-3552 series of switches, Active and inactive entries use the same
database. The maximum entry number is 511. The creation of authorized users can be manually configured by CLI or
Web. The function is port-based, meaning a user can enable or disable the function on the individual port.
To Next Page
Loading...
Need help?
General