eSight V300R009C00 Operation Guide 09

Typical Configuration Examples

This section describes how to use terminal resource management in actual scenarios, helping users effectively monitor resources.

Example for Using Terminal Resource Management to Monitor Unauthorized Users

This example illustrates how enterprise administrators use eSight to discover unauthorized terminals in a timely and effective manner, to ensure network stability and security.

Applicable Products and Versions

eSight V200R005C00 or later versions

Networking Requirements

The network administrator Jack is responsible for monitoring access terminals and for recognizing and eliminating unauthorized terminals to ensure network security. Generally, Jack remotely connects to access terminals, runs commands in the CLI, and compares access terminals with the authorized terminal list. This process is inefficient, and unauthorized terminals cannot be detected in a timely manner.

eSight automatically discovers unauthorized terminals and notifies Jack by email, improving the efficiency of discovering unauthorized terminals.

On the enterprise network shown in Figure 12-9, there are three switches, four authorized terminals, and an uncertain number of unauthorized terminals.

Figure 12-9 Enterprise campus network
Configuration Roadmap
  1. To discover terminals that connect to the network through switches, add the three switches to eSight first.
  2. To discover unauthorized terminals, set access rules. Terminals that violate the access rules are recognized as unauthorized terminals.
    • To discover access terminals that are unauthorized or beyond the specified range, create IP address and MAC address whitelists and add the IP addresses and MAC addresses of the four authorized terminals to the whitelists.
    • To prevent IP address theft, MAC address theft, or private terminal connection, bind the IP addresses and MAC addresses of the four authorized terminals to device ports.
  3. Configure the terminal discovery mode and range to discover access terminals at regular intervals.
  4. Configure the email server so that eSight can send emails.
  5. Add a remote notification policy so that eSight can send emails to Jack when detecting unauthorized terminals.
Data Plan
Table 12-11 Access rule

Column groups: Authorized Terminal, Access Rule

| Terminal Name | IP Address | MAC Address | Access Terminal Name | Access Terminal IP Address | Access Port | IP Address Whitelist | MAC Address Whitelist | PORT-IP | PORT-MAC | IP-MAC |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| A | 192.168.2.1 | 08-19-A6-CD-22-31 | S5700-182 | 192.168.0.1 | GigabitEthernet7/0/17 | | | | | |
| B | 192.168.2.3 | 00-1E-C9-50-8E-74 | S9312-152 | 192.168.0.2 | GigabitEthernet7/0/34 | | | | | |
| C | 192.168.2.4 | D4-AE-52-7A-85-56 | S9312-152 | 192.168.0.2 | GigabitEthernet7/0/12 | | | | | |
| D | 192.168.2.2 | 08-19-A6-24-67-DE | S7706-195 | 192.168.0.3 | GigabitEthernet2/0/0 | | | | | |

Table 12-12 SMTP email server information

| IP Address | Sender Address | Port | Sender User Name |
| --- | --- | --- | --- |
| 10.10.10.1 | jack@sina.com | 25 | jack |

Prerequisites
  • You have operation rights for Access Resource and Terminal Resource Management.
  • The aggregation switch and three access switches have been added to eSight.
Procedure
  1. Add an access rule.

    1. Choose Resource > Network > Equipment > Terminal Resources from the main menu.
    2. Create an IP address whitelist.
      1. In the navigation tree, choose Security Management > Whitelist.
      2. On the IP Address Whitelist tab page, click Import.
      3. Click next to Download Template to download the template to a local host. Enter the IP addresses as planned.
      4. Click , select the modified template, and click Upload.
      5. Select all addresses to import and click OK.
    3. Create a MAC address whitelist.
      1. In the navigation tree, choose Security Management > Whitelist.
      2. On the MAC Address Whitelist tab page, click Import.
      3. Click next to Download Template to download the template to a local host. Enter the MAC addresses as planned.
      4. Click , select the modified template, and click Upload.
      5. Select all addresses to import and click OK.
    4. Create access binding rules.
      1. In the navigation tree, choose Security Management > Access Binding Rule.
      2. Click Import.
      3. Click next to Download Template to download the template to a local host. Enter the access binding rules as planned.
      4. Click , select the modified template, and click Upload.
      5. Click Create.
      6. Click Finish.

    After the preceding settings are complete, eSight treats terminals that are not in the whitelists or that violate the access binding rules as unauthorized terminals, and displays their access information on the Unauthorized Access page.

  2. Set terminal discovery parameters.

    1. In the navigation tree, choose Resource Management > Discovery Configuration.
    2. Set the parameters and click Apply.

    After the preceding settings are complete, eSight performs access terminal discovery on the entire network every 60 minutes.

  3. Configure the email server.

    1. Choose System > System Settings > System Interconnection from the main menu.
    2. Choose Set Notified Server > Email Server from the navigation tree on the left, set related parameters, and click Test.
    3. Click Apply when the test is successful.

  4. Set a remote notification policy.

    1. Choose Resource > Network > Equipment > Terminal Resources from the main menu.
    2. In the navigation tree, choose Security Management > Remote Notification.
    3. Set the parameters and click Apply.

      After the preceding settings are complete, eSight sends new unauthorized access information (in Excel format) to Jack by email, so Jack can obtain unauthorized access information in a timely manner.

Verification

After the preceding settings are complete, connect unauthorized terminal Z to the network. The IP address is 192.168.2.9, MAC address is 08-19-A6-D0-BE-C9, access terminal name is S7706-195, and access port is GigabitEthernet2/0/0.

Terminal Z violates the following access rules:

  • Its IP address is not in the IP address whitelist.
  • Its MAC address is not in the MAC address whitelist.
  • It violates the GigabitEthernet2/0/0 - 192.168.2.2 rule in the PORT-IP access binding rule.
  • It violates the GigabitEthernet2/0/0 - 08-19-A6-24-67-DE rule in the PORT-MAC access binding rule.
  1. Check whether Jack can receive emails.

    Unauthorized terminal Z connected to the network at 13:25 on August 25, 2014 (Monday). The previous automatic discovery ran at 12:58 on August 25, 2014, and the discovery interval is set to one hour.

    Jack received the email at 14:00, on August 25, 2014, indicating that automatic terminal discovery, email server, and remote notification policy are configured successfully and take effect.

  2. Verify the access rule.

    Open the Excel file in the email attachment and check unauthorized access terminal information.

    If terminal information in the Excel file is the same as basic information about terminal Z and the number of unauthorized access times is 4, the access rule is configured correctly.

The result shows that the configurations in this example are correct, and eSight can automatically discover unauthorized terminals and send emails to Jack when discovering new unauthorized terminals.
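
The rule evaluation from the Verification section can be reproduced offline to check a data plan before importing it. The following is an added example, not eSight code: the rule semantics are inferred from the four violations listed for terminal Z, and it assumes that all three binding types are created for every authorized terminal. The names `violations`, `norm_mac` and `SPOOF` are hypothetical.

```python
# Added illustration: models the access rules from Table 12-11; not eSight code.
from typing import NamedTuple

class Terminal(NamedTuple):
    name: str
    ip: str
    mac: str
    device: str   # access switch name
    port: str     # access port on that switch

# Authorized terminals A-D, copied from Table 12-11.
AUTHORIZED = [
    Terminal("A", "192.168.2.1", "08-19-A6-CD-22-31", "S5700-182", "GigabitEthernet7/0/17"),
    Terminal("B", "192.168.2.3", "00-1E-C9-50-8E-74", "S9312-152", "GigabitEthernet7/0/34"),
    Terminal("C", "192.168.2.4", "D4-AE-52-7A-85-56", "S9312-152", "GigabitEthernet7/0/12"),
    Terminal("D", "192.168.2.2", "08-19-A6-24-67-DE", "S7706-195", "GigabitEthernet2/0/0"),
]

def norm_mac(mac: str) -> str:
    """Strip separators and case so differently formatted MACs compare equal."""
    return "".join(c for c in mac.upper() if c in "0123456789ABCDEF")

IP_WHITELIST = {t.ip for t in AUTHORIZED}
MAC_WHITELIST = {norm_mac(t.mac) for t in AUTHORIZED}
# Assumption: all three binding types exist for every authorized terminal.
PORT_IP = {(t.device, t.port): t.ip for t in AUTHORIZED}
PORT_MAC = {(t.device, t.port): norm_mac(t.mac) for t in AUTHORIZED}
IP_MAC = {t.ip: norm_mac(t.mac) for t in AUTHORIZED}

def violations(seen: Terminal) -> list[str]:
    """Return the names of the access rules that a discovered terminal breaks."""
    mac, where, out = norm_mac(seen.mac), (seen.device, seen.port), []
    if seen.ip not in IP_WHITELIST:
        out.append("IP whitelist")
    if mac not in MAC_WHITELIST:
        out.append("MAC whitelist")
    # A binding is broken only when its key is bound and the value differs.
    if where in PORT_IP and PORT_IP[where] != seen.ip:
        out.append("PORT-IP")
    if where in PORT_MAC and PORT_MAC[where] != mac:
        out.append("PORT-MAC")
    if seen.ip in IP_MAC and IP_MAC[seen.ip] != mac:
        out.append("IP-MAC")
    return out

# Terminal Z from the Verification section.
Z = Terminal("Z", "192.168.2.9", "08-19-A6-D0-BE-C9", "S7706-195", "GigabitEthernet2/0/0")
# Constructed case: an unknown MAC reusing terminal D's IP address on D's port.
SPOOF = Terminal("X", "192.168.2.2", "02-00-00-00-00-01", "S7706-195", "GigabitEthernet2/0/0")

if __name__ == "__main__":
    for t in (*AUTHORIZED, Z, SPOOF):
        print(t.name, violations(t) or "authorized")
```

Terminal Z breaks four rules, matching the count expected in the Excel attachment. The constructed terminal X passes the IP whitelist and the PORT-IP binding and is caught only by the MAC-based rules.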

Updated: 2019-05-17

Document ID: EDOC1100011877
