Navigate to the Security page
Click 'Security' on the left-hand side.
This will take you to the OneClick Secure™ page.
Brief overview
As stated on the page, OneClick Secure will not impact traffic for any currently connected devices.
In order to secure the system, simply click the 'Lock System' button. The recommended options are already selected when you navigate to the page.
Upon completion, there will be a result summary displayed, with the modified port configurations highlighted in light-blue.
IMPORTANT!
If you are using OneClick Secure™ (locking or unlocking) on a redundant Spectra system, you must always manually sync your databases.
To do so, go to Lasers > Redundant Settings on the system that you just locked or unlocked and click the Sync Config DB button. Then check the Ports pages on both systems to quickly confirm (e.g. unused ports are disabled).
Do this even if the databases appear to be synced.
This only applies to redundant Spectra systems.
OneClick Secure options
Secure Active Ports
Selecting this option (checkbox) will apply MAC address authorization rules automatically. The points below cover the exact behavior in more detail.
- If a port has MAC address authorization enabled, it will not be affected by OneClick Secure. Any device that was connected to that port when the 'Lock System' button was clicked, will still be allowed to pass traffic on that port.
- MAC address authorization will be applied to Edge Switch ports that have single device connected to them.
- If there is a single device authorization rule that is disabled on a port, then the rule will be replaced if there is a different device detected.
- No configurations will be applied to the port if the link status is up, but no devices are detected on the port.
- When there are multiple devices, authorization rules are added to allow all of them to communicate, but the rules are not automatically enabled. This behavior is important, because some devices may not communicate frequently enough to be detected.
When multiple devices are detected, you can view them using the 'View all MACs' button. It is important to note that OneClick Secure will not remove old authorization rules, even if the device is not detected in the most recent iteration.
Secure Inactive Ports
Selecting this option will automatically disable the traffic and PoE on any Edge Switch port that has link status down.
Secure Multi-device Ports
When this option is selected, the ports with multiple devices detected will have rules automatically enabled. As said in the warning shown when this option is selected, this option may adversely affect traffic for certain types of devices, if care is not taken. For more information, please read the article OneView Device Authorization Guide for Quiet Devices (HVAC / Daisy Chain Loop).
Unlock system
Clicking on this button will enable traffic and PoE, and disable MAC address authorization on all Edge Switch ports. All MAC address authorization rules are kept intact, but traffic will be allowed on all ports.
Filters
You can filter the OneClick Secure result summary using the buttons located directly above the results. By default, no filters will be applied.
Offline Edge Switches
OneClick Secure will not change the settings of Edge Switches that do not currently have management access.
Below you will see the possible symbols that can appear under the 'Connection' column on the 'Edge Switches' page. OneClick Secure will only configure Edge Switches that have the green link symbol, which represents the online state.
Secure Individual Edge Switches
You can also apply OneClick Secure to individual switches, rather than to all Edge Switches at once. To do this, navigate to the 'Edge Switches' page, then click 'More' for the desired Edge Switch.
In the popup window, click on the 'OneClick Security' tab.
You should see that Edge Switch's OneClick Secure view. Apart from only applying settings to the currently viewed Edge Switch, the behavior of OneClick Secure on this page is exactly the same as on the Security page. This allows you to have more control over which switches you want to lock down at a given time, which can be handy for troubleshooting purposes.
Comments
0 comments
Article is closed for comments.