Terminal Resources
This section describes the terminal resource feature, including the definition, benefits, functions, principles, and key indicators of the feature.
Definition
eSight provides detailed information about access terminals and offers a unified approach for you to manage access terminals. eSight provides terminal access history, suspicious terminal logs, unauthorized access management, and remote notification to allow network administrators to obtain terminal access information in real time.
Benefits
Terminal resource management can rapidly detect access terminals on the heterogeneous network by analyzing MAC address forwarding tables and ARP tables. This method locates terminals, displays the terminal access history, and generates alarms in real time when detecting terminal security risks.
Functions
Terminals that have accessed the network can be discovered either manually, through an immediate discovery, or automatically, through a periodic discovery.
Terminal Discovery Configuration
- Whether to parse terminal names.
- Whether to enable automatic discovery.
- Intervals of automatic discovery.
- Discovery scope, which applies to both immediate discovery and automatic discovery.
Figure 3-46 Terminal discovery settings
Whitelist
You can configure a whitelist that contains authorized IP addresses and MAC addresses. When the configuration takes effect, eSight checks whether a discovered terminal is authorized. If not, eSight records its details for you to acknowledge the unauthorized terminal.
Access Binding Rule
You can configure Port-IP or Port-MAC rules to restrict access terminals under device ports. You can also configure IP-MAC rules to restrict binding relationships between IP and MAC addresses. eSight identifies terminals that break these rules as unauthorized terminals and records detailed access information.
Terminal Access Record
- View terminal access details and access history.
- View unauthorized access logs of terminals.
- Switch to the physical topology to locate the access devices of terminals.
- Switch from an access interface to the Interface Management page.
- Switch to the device panel to view the access interfaces of terminals.
- Configure terminal remarks.
Suspicious Terminal Report
- Check invalid MAC addresses to detect unauthorized terminal access.
- Check duplicate MAC addresses to detect MAC address theft.
- Check duplicate IP addresses to detect IP address theft.
Unauthorized Access
eSight detects unauthorized terminal access based on the IP and MAC address whitelists configured. With unauthorized access management, you can:
- View unauthorized access logs and unauthorized terminal details.
- Export unauthorized terminal details.
- Acknowledge unauthorized terminals.
Remote Notification
You can configure eSight to send an email notification upon detecting unauthorized terminal access.
Principle
After a terminal broadcasts an ARP packet on the LAN, the network device learns the mapping between the terminal's IP address, MAC address, and port in its ARP table. In addition, a Layer 2 forwarding device reads the source MAC address of each data frame that passes through the switch and maps that source MAC address to the port on which the frame was received, which is how the MAC address forwarding table is learned.
eSight terminal access management uses SNMP or SFTP to access the MIB interface of a network device to obtain the MAC address forwarding table and ARP table, and analyzes these tables to discover the terminals that have accessed the network.
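The following added example (not eSight code) applies the checks listed under Whitelist, Access Binding Rule, and Suspicious Terminal Report to ARP and MAC forwarding table rows that have already been collected. The row layout, the function names, and the rules are assumptions: an "invalid" MAC is all-zero or has the group bit set, a "duplicate" MAC is one learned on more than one port, the forwarding rows are limited to access ports, and only the MAC part of the whitelist is checked.

```python
from collections import defaultdict

# Constructed samples: ARP rows are (ip, mac), FDB rows are (mac, access port).
ARP = [("10.0.0.5", "0011-2233-4455"), ("10.0.0.6", "00:11:22:33:44:66"),
       ("10.0.0.6", "00:11:22:33:44:77"),   # second MAC claims the same IP
       ("10.0.0.9", "01:00:5e:00:00:01")]   # group bit set in a source MAC
FDB = [("00:11:22:33:44:55", "GE0/0/1"), ("00:11:22:33:44:55", "GE0/0/7"),
       ("00:11:22:33:44:66", "GE0/0/2"), ("00:11:22:33:44:77", "GE0/0/3")]
MAC_WHITELIST = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
IP_MAC_RULES = {"10.0.0.6": "00:11:22:33:44:66"}
PORT_MAC_RULES = {"GE0/0/7": {"00:11:22:33:44:aa"}}

def norm(mac):
    """Normalise colon, hyphen or dotted MAC notation to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def invalid_mac(mac):
    """Assumed rule: all-zero, or group bit set (this includes broadcast)."""
    return mac == "00:00:00:00:00:00" or bool(int(mac[:2], 16) & 1)

def audit(arp, fdb, whitelist, ip_mac_rules, port_mac_rules):
    """Return sorted (finding, subject) tuples; rules are in norm() form."""
    ip_macs, mac_ports, findings = defaultdict(set), defaultdict(set), set()
    for ip, mac in arp:
        ip_macs[ip].add(norm(mac))
    for mac, port in fdb:
        mac_ports[norm(mac)].add(port)
    for ip, macs in ip_macs.items():
        if len(macs) > 1:
            findings.add(("duplicate_ip", ip))
        if ip in ip_mac_rules and macs != {ip_mac_rules[ip]}:
            findings.add(("ip_mac_violation", ip))
    for mac in set(mac_ports).union(*ip_macs.values()):
        if invalid_mac(mac):
            findings.add(("invalid_mac", mac))
        if mac not in whitelist:
            findings.add(("not_whitelisted", mac))
    for mac, ports in mac_ports.items():
        if len(ports) > 1:
            findings.add(("duplicate_mac", mac))
        for port in ports:
            if port in port_mac_rules and mac not in port_mac_rules[port]:
                findings.add(("port_mac_violation", f"{port} {mac}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(ARP, FDB, MAC_WHITELIST, IP_MAC_RULES, PORT_MAC_RULES), sep="\n")
```

If uplink or trunk ports are left in the forwarding rows, every MAC behind them shows up on several ports and the duplicate-MAC check fires on legitimate terminals.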