No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00 Operation Guide 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Terminal Resource Management Introduction

Terminal Resource Management Introduction

This section describes the definition, functions, application restrictions, and key indicators of terminal resource management.

Definition

eSight provides detailed information about access terminals and offers a unified approach for you to manage access terminals. eSight provides terminal access history, suspicious terminal logs, unauthorized access management, and remote notification to allow network administrators to obtain terminal access information in real time.

Functions

eSight provides detailed information about access terminals and offers a unified approach for you to manage access terminals. eSight provides terminal access history, suspicious terminal logs, unauthorized access management, and remote notification to allow network administrators to obtain terminal access information in real time.

Terminals that have accessed the network can be discovered either by a manually conducted immediate discovery or a periodically conducted automatic discovery.

Terminal Discovery Configuration
  • Whether to parse terminal names.
  • Whether to enable automatic discovery.
  • Intervals of automatic discovery.
  • Discovery scope, which applies to both immediate discovery and automatic discovery.
    Figure 12-11 Terminal discovery settings
Whitelist

You can configure a whitelist that contains authorized IP addresses and MAC addresses. When the configuration takes effect, eSight checks whether a discovered terminal is authorized. If not, eSight records its details for you to acknowledge the unauthorized terminal.

Figure 12-12 Setting the whitelist
Access Binding Rule

You can configure Port-IP or Port-MAC rules to restrict access terminals under device ports. Yon can also configure IP-MAC rules to restrict binding relationships between IP and MAC addresses. eSight identifies terminals that break these rules as unauthorized terminals and records detailed access information.

Figure 12-13 Access binding rule
Terminal Access Record
  • View terminal access details and access history.
  • View unauthorized access logs of terminals.
  • Switch to the physical topology to locate the access devices of terminals.
  • Switch from an access interface to the Interface Management page.
  • Switch to the device panel to view the access interfaces of terminals.
  • Configure terminal remarks.
Figure 12-14 Terminal access record
Suspicious Terminal Report
  • Check invalid MAC addresses to detect unauthorized terminal access.
  • Check duplicate MAC addresses to detect MAC address theft.
  • Check duplicate IP addresses to detect IP address theft.
Figure 12-15 Suspicious terminal
Unauthorized Access

eSight detects unauthorized terminal access based on the IP and MAC address whitelists configured. With unauthorized access management, you can:

  • View unauthorized access logs and unauthorized terminal details.
  • Export unauthorized terminal details.
  • Acknowledge unauthorized terminals.
Figure 12-16 Unauthorized access record
Remote Notification

You can configure eSight to send an email notification upon detecting unauthorized terminal access.

Figure 12-17 Remote notification

Application Restrictions

  • Automatic terminal discovery function: It is recommended that the discovery period be greater than 30 minutes if the number of devices to be discovered is less than 2,000 and be greater than 60 minutes if the number of devices to be discovered is greater than 2,000. Set the discovery period based on the actual number of devices and the network condition, ensuring that terminals can be discovered normally.
  • If the device is configured with port security and the sticky MAC function is enabled on the interface, the access terminals connected to the interface cannot be discovered.

KPIs

None

Translation
Download
Updated: 2019-06-30

Document ID: EDOC1100044378

Views: 58467

Downloads: 268

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next