Managing Network Security
EPICenter Concepts and Solutions Guide
116
configuration archive files to determine if any configuration changes have been made. If it detects
changes, EPICenter will inspect the Syslog file for the device to identify any entries that are related
to the configuration changes observed in the archived configuration file.
● Regularly archiving your device configuration files provides a backup in case a configuration is
accidentally or intentionally changed.
● The Configuration Manager’s Diff feature lets you compare two saved configuration files, or
compare a saved configuration file against the baseline configuration for the device to see the
differences between the two files. You must have a Differences viewer installed on the system where
you EPICenter server is installed. You can configure the Diff Viewer using the Setup Viewers
command from the Options submenu of the Config menu or the right-click pop-up menu in the
Configuration Manager.
See Chapter 6, “Managing Network Device Configurations and Updates” for more information on using
these features of the Configuration Manager.
Using the MAC Address Finder
You may need to track down a specific host on your enterprise network. This host may be involved in
malicious activity, be a compromised source for virus infections, be using excessive bandwidth, or have
network problems. EPICenter provides the IP/MAC Address Finder tool to locate any MAC address on
your network.
EPICenter provides two ways to find a MAC address in your enterprise network.
If you have MAC Address Polling enabled, you can use a database search that searches the MAC FDB
information learned by EPICenter's MAC Address Poller. The MAC Address Poller maintains a
database on the EPICenter server of all MAC addresses associated with edge ports. An edge port is
identified by the absence of Extreme Discovery Protocol (EDP) or Link Layer Discovery Protocol (LLDP)
packets on a port. You can additionally disable MAC Address Polling on specific ports and switches.
This is useful for disabling polling on trunk ports on third-party switches (which EPICenter will
identify as edge ports, as they do not use EDP or LLDP).
The MAC Address Poller determines the set of MAC address on the edge ports via the FDB database on
the switch. It also keeps track of the IP address(es) associated with the MAC address using the IP ARP
cache on the switch. The database search is faster than the network search, although the database may
be less up to date, as a full MAC address poll cycle can take a reasonably long time. However, if you
want to identify the switch port where the host is connecting to the network, then a database search has
the advantage of automatically ignoring trunk ports.
EPICenter also provides a full network search to search the forwarding database (FDB) and IP ARP
cache on selected switches. A network search has the advantage of searching the most up to date source
of data. However, the network search is slower because it must contact each switch directly. It also does
not always report the correct IP address associated with a MAC address/VLAN port when the MAC
address is mapped to multiple IP address on the switch.
If you want to determine how a MAC address is propagating through the network aggregation layer,
you should use a network search.
To Next Page
Loading...
Need help?
General
