Device
Device List
This page shows the list of networks registered in AMF Security's database.
Item Name | Search | Sort | Note |
---|---|---|---|
Device ID | × | × | |
Tag | × | × | |
Note | × | × | |
Number of Policies | × | × | |
Number of Interfaces | × | × | |
Interface: MAC Address* | × | × | |
Interface: Name* | × | × | |
Interface: Note* | × | × | |
Item Name | Description |
---|---|
Device ID | ID (Name) of the device to register. |
Tag | Secondary name of the device for administrative use. |
Note | Arbitrary string (comment) for the device. |
Number of Policies | Number of security policies applied to the device. |
Number of Interfaces | Number of MAC Addresses (interfaces) associated with the device. |
Item Name | Description |
---|---|
Page Top | |
Add Device | Open the Add Device page. |
Active Device List | Open the Active Device List page. |
Export to CSV | Start downloading a list of devices in CSV format. |
Device List | |
Delete Selected | Delete all the checked devices. |
Edit | Open the Update Device page for the selected device. |
Delete | Delete the device. |
Note: Refer to Appendix/CSV File for CSV Files.
Add Device
This page lets you add a new device to the database.
Item Name | Description |
---|---|
Device ID (Mandatory) | ID (Name) of the device to register. Device ID must be unique. Max 255 characters. |
Tag | Secondary name of the device. It can be used by administrators to easily distinguish, categorize or filter devices. Multiple tags can be specified by separating them with a semicolon (;). The tag is also used when you authenticate using the tag on the Group > Tag List page or set 'tag' in the device lookup on the System Settings > Trap Monitor Settings page. When using a tag for authentication, the tag can be up to 16 characters long and can contain alphanumeric characters (excluding semicolons (;)), symbols, and Japanese characters. Otherwise, the tag can be up to 255 characters long and can contain alphanumeric characters (excluding semicolons (;)), symbols, and Japanese characters. |
Note | Arbitrary string (comment) for the device. Max 255 characters. |
Note: If multiple tags are specified, they are used in authentication using tag. When using tags for Device Lookup, only the first set tag is used.
Note: Use up to 16 characters for the tags used on the Group > Tag List page.
Item Name | Description |
---|---|
Interfaces | |
Interfaces | List of MAC Addresses (interfaces) associated with the device. |
MAC Address | Interface MAC Address of the device. |
Name | Administrative name of the interface (MAC Address). |
Note | Arbitrary string (comment) for the interface (MAC Address). |
Policies | |
Policies | List of security policies which are being applied to the device. |
Priority | A priority value of the security policy. It must be an integer in the range of 0 to 255. When multiple security policies are set and an interface registered on the device is connected to OpenFlow Switches or AMF Members, the security policies are checked for a match in order, starting with the lowest priority value. |
Network | ID of the network which AMF Security assigns the device to. |
Location | A matching criterion of the MAC Address for its access location. Either an OpenFlow Switch ID and a Switch Port or a Location ID. |
Schedule | A Schedule ID. |
Item Name | Description |
---|---|
Interfaces | |
Add | Open the Edit Interface dialog to register a new interface for the device. |
Edit | Open the Edit Interface dialog to edit the selected interface. |
Delete | Mark to delete the MAC Address (interface) associated with the device. The interface to be deleted is indicated with the DEL mark on the left side of its record line. |
Revert | Clear the DEL mark on the interface. |
Policies | |
Add | Open the Edit Policy dialog to register a new security policy for the device. |
Edit | Open the Edit Policy dialog to edit the selected security policy. |
Delete | Mark to delete the security policy attached to the device. The security policy to be deleted is indicated with the DEL mark on the left side of its record line. |
Revert | Clear the DEL mark on the security policy. |
Page Bottom | |
Submit | Add a new device with the input information on this page and subordinate dialogs by committing the information for the newly added device. |
Cancel | Cancel the operation for adding a new device. |
Note: Interfaces and security policies marked with DEL are deleted when the "Submit" button is clicked. Once you click the "Submit" button, you cannot undo the delete operations.
Edit Interface
This dialog lets you add a new MAC Address (interface) to the device or update an existing MAC Address (interface) associated with the device.
Item Name | Description |
---|---|
MAC Address (Mandatory) | MAC Address of the interface. MAC Address must be unique. Valid formats are as follows: xx:xx:xx:xx:xx:xx, xx-xx-xx-xx-xx-xx, xxxx.xxxx.xxxx. |
Name | Administrative name of the interface. Max 255 characters. |
Note | Arbitrary string (comment) for the interface. Max 255 characters. |
Item Name | Description |
---|---|
Bottom of the dialog | |
Submit | Add or update the interface information. |
Cancel | Cancel the operation of adding or updating the interface information. |
Edit Policy
This dialog lets you add a new security policy to the device or update an existing security policy attached to the device.
Item Name | Description |
---|---|
Priority (Mandatory) | A priority value of the security policy. It must be an integer in the range of 0 to 255. When multiple security policies are set and an interface registered on the device is connected to OpenFlow Switches or AMF Members, the security policies are checked for a match in order, starting with the lowest priority value. |
Network | ID of the network which AMF Security assigns the device to. Maximum 100 IDs of the existing networks are shown in the dropdown list. If you enter text in the field, Network IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Network ID, VLAN ID or Note (it shows maximum 100 elements). From the dropdown list, select a Network ID. If the registered device is connected to the OpenFlow Switch, AMF Member (Edge Node), or TQ's AMF Application Proxy, it is connected to the VLAN subnet configured in the network. If the network is not registered in the device (if this setting is blank or the VLAN ID is set to 0 in the network security policy setting), the OpenFlow Switch uses untagged VLAN (subnet without VLAN) and the AMF Member is connected to the VLAN set for the AMF Member. The connection to the VLAN subnet is realized by sending as a tagged VLAN with the set VLAN ID when it is sent to the upper network of the connected OpenFlow Switches and AMF Members. You have to add the network before assigning a device to the network. Refer to Policy Settings > Add Network for the instruction on how to register a network. Also, if the registered device is connected to the TQ's AMF Application Proxy, it depends on the TQ settings. Refer to Quick Tour/What is AMF Security > TQ's AMF Application Proxy/Behavior when using TQ dynamic VLAN. |
Location | Specify a location where the device can access the network. Maximum 100 IDs of the existing locations are shown in the dropdown list. If you enter text in the field, location IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Location ID or Note (it shows maximum 100 elements). From the dropdown list, select a Location ID. If you specify Location, the UnAuth Group can access the network only from OpenFlow Switches and AMF Members in the location. If you do not specify Location, the UnAuth group can access the network from all OpenFlow Switches and AMF Members. You have to add the location before specifying it for a device. Refer to Policy Settings > Add Location for the instructions on how to add locations. |
Schedule | Specify a schedule when the device can access the network. Maximum 100 IDs of the existing schedules are shown in the dropdown list. If you enter text in the field, Schedule IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Schedule ID or Note (it shows maximum 100 elements). From the dropdown list, select a Schedule ID. If you specify a Schedule for a device, the device can access the network only when the schedule is effective. If you do not specify a schedule, a device can always access the network. You have to add the schedule before specifying it for a device. Refer to Policy Settings > Add Schedule for the instruction on how to register a schedule. |
OpenFlow Switch | Specify an OpenFlow Switch from which a device can access the network. Maximum 100 IDs of the existing switches are shown in the dropdown list. If you enter text in the field, switch IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Switch ID, Datapath ID, Upstream Port or Note (it shows maximum 100 elements). From the dropdown list, select a Switch ID. If an OpenFlow Switch is specified for the device, Location for the device is not used. When OpenFlow Switch is specified but a switch port is not, the device can access the network through any port on the switch. |
Switch Port | Specify a switch port through which the device can access the network. It is ignored if an OpenFlow Switch is not specified. |
Indefinite expiration date. | Disable timeout of the flow for the device. This option is useful for devices which do not transmit packets by themselves (e.g. Multifunctional Printers). |
Note: If OpenFlow Switch has access to untagged VLAN (subnet without VLAN) and AMF Member to the VLAN set as AMF Member, depending on the switch setting, the device may be able to connect to the equipment on the control plane.
Note: If a device policy has "OpenFlow Switch", "Switch Port" and "Indefinite expiration date." configured, a flow entry for the device is automatically added to the OpenFlow Switch when the switch establishes a connection to AMF Security.
Thus a passive device can be authenticated without sending packets.
Item Name | Description |
---|---|
Bottom of the dialog | |
Submit | Add or update the security policy information. |
Cancel | Cancel the operation for adding or updating policy. |
Update Device
This page lets you update the information of an existing device.
Item Name | Description |
---|---|
Device ID (Mandatory) | ID (Name) of the device to register. Device ID must be unique. Max 255 characters. |
Tag | Secondary name of the device. It can be used by administrators to easily distinguish, categorize or filter devices. Multiple tags can be specified by separating them with a semicolon (;). The tag is also used when you authenticate using the tag on the Group > Tag List page or set 'tag' in the device lookup on the System Settings > Trap Monitor Settings page. When using a tag for authentication, the tag can be up to 16 characters long and can contain alphanumeric characters (excluding semicolons (;)), symbols, and Japanese characters. Otherwise, the tag can be up to 255 characters long and can contain alphanumeric characters (excluding semicolons (;)), symbols, and Japanese characters. |
Note | Arbitrary string (comment) for the device. Max 255 characters. |
Note: If multiple tags are specified, they are used in authentication using tag. When using tags for Device Lookup, only the first set tag is used.
Note: Use up to 16 characters for the tags used on the Group > Tag List page.
Item Name | Description |
---|---|
Interfaces | |
Interfaces | List of MAC Addresses (interfaces) associated with the device. |
MAC Address | Interface MAC Address of the device. |
Name | Administrative name of the interface (MAC Address). |
Note | Arbitrary string (comment) for the interface (MAC Address). |
Policies | |
Policies | List of security policies which are being applied to the device. |
Priority | A priority value of the security policy. It must be an integer in the range of 0 to 255. When multiple security policies are set and an interface registered on the device is connected to OpenFlow Switches or AMF Members, the security policies are checked for a match in order, starting with the lowest priority value. |
Network | ID of the network which AMF Security assigns the device to. |
Location | A matching criterion of the MAC Address for its access location. Either an OpenFlow Switch ID and a Switch Port or a Location ID. |
Schedule | A Schedule ID. |
Item Name | Description |
---|---|
Interfaces | |
Add | Open the Edit Interface dialog to register a new interface for the device. |
Edit | Open the Edit Interface dialog to edit the selected interface. |
Delete | Mark to delete the MAC Address (interface) associated with the device. The interface to be deleted is indicated with the DEL mark on the left side of its record line. |
Revert | Clear the DEL mark on the interface. |
Policies | |
Add | Open the Edit Policy dialog to register a new security policy for the device. |
Edit | Open the Edit Policy dialog to edit the selected security policy. |
Delete | Mark to delete the security policy attached to the device. The security policy to be deleted is indicated with the DEL mark on the left side of its record line. |
Revert | Clear the DEL mark on the security policy. |
Page Bottom | |
Submit | Update the device with the input information on this page and subordinate dialogs by committing the information for the existing device. |
Cancel | Cancel the operation for updating the device. |
Note: Interfaces and security policies marked with DEL are deleted when the "Submit" button is clicked. Once you click the "Submit" button, you cannot undo the delete operations.
Edit Interface
This dialog lets you add a new MAC Address (interface) to the device or update an existing MAC Address (interface) associated with the device.
Item Name | Description |
---|---|
MAC Address (Mandatory) | MAC Address of the interface. MAC Address must be unique. Valid formats are as follows: xx:xx:xx:xx:xx:xx, xx-xx-xx-xx-xx-xx, xxxx.xxxx.xxxx. |
Name | Administrative name of the interface. Max 255 characters. |
Note | Arbitrary string (comment) for the interface. Max 255 characters. |
Item Name | Description |
---|---|
Bottom of the dialog | |
Submit | Add or update the interface information. |
Cancel | Cancel the operation of adding or updating the interface information. |
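The field rules of the Add Device, Update Device and Edit Interface forms can be checked before devices are entered in bulk. The following is an added example, not code from AMF Security: the record layout, function names and sample data are constructed, and it assumes that hex digits may be upper or lower case and that the same address written in two notations counts as one MAC Address for the uniqueness rule.

```python
import re

# The three notations the Edit Interface dialog accepts.
MAC_FORMS = (
    re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}"),   # xx:xx:xx:xx:xx:xx
    re.compile(r"[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}"),   # xx-xx-xx-xx-xx-xx
    re.compile(r"[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}"),  # xxxx.xxxx.xxxx
)
MAX_TEXT = 255      # Device ID, Name, Note, and tags not used for authentication
MAX_AUTH_TAG = 16   # tags used for authentication (Group > Tag List)


def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if the notation is not accepted."""
    text = text.strip()
    if not any(form.fullmatch(text) for form in MAC_FORMS):
        return None
    return re.sub(r"[:.-]", "", text).lower()


def split_tags(tag_field):
    """Split the semicolon-separated Tag field; empty pieces are dropped."""
    return [t.strip() for t in tag_field.split(";") if t.strip()]


def validate_devices(devices, tags_used_for_auth=False):
    """Check device records; return a list of (device_id, problem) tuples."""
    problems = []
    seen_ids = set()
    mac_owner = {}  # normalized MAC -> Device ID that first claimed it
    tag_limit = MAX_AUTH_TAG if tags_used_for_auth else MAX_TEXT
    for dev in devices:
        dev_id = dev.get("device_id", "")
        if not dev_id:
            problems.append((dev_id, "Device ID is mandatory"))
        elif len(dev_id) > MAX_TEXT:
            problems.append((dev_id[:20], "Device ID longer than 255 characters"))
        if dev_id in seen_ids:
            problems.append((dev_id, "Device ID is not unique"))
        seen_ids.add(dev_id)
        for tag in split_tags(dev.get("tag", "")):
            if len(tag) > tag_limit:
                problems.append((dev_id, f"tag {tag!r} longer than {tag_limit} characters"))
        if len(dev.get("note", "")) > MAX_TEXT:
            problems.append((dev_id, "Note longer than 255 characters"))
        for iface in dev.get("interfaces", []):
            raw = iface.get("mac", "")
            mac = normalize_mac(raw)
            if mac is None:
                problems.append((dev_id, f"MAC Address {raw!r} is not in a valid format"))
                continue
            if mac in mac_owner:
                # Same address in another notation is still the same interface.
                problems.append((dev_id, f"MAC {mac} already registered on {mac_owner[mac]!r}"))
            else:
                mac_owner[mac] = dev_id
            for field in ("name", "note"):
                if len(iface.get(field, "")) > MAX_TEXT:
                    problems.append((dev_id, f"interface {field} longer than 255 characters"))
    return problems


# Constructed sample records; the MAC Addresses are from the documentation range.
SAMPLE_DEVICES = [
    {"device_id": "printer-3f", "tag": "mfp;floor3",
     "interfaces": [{"mac": "00:00:5E:00:53:01", "name": "wired"}]},
    {"device_id": "laptop-042", "tag": "a-tag-that-is-longer-than-16",
     "interfaces": [{"mac": "0000.5e00.5301"},      # same address as printer-3f
                    {"mac": "00-00-5e-00-53-zz"}]},  # not hexadecimal
]

if __name__ == "__main__":
    for dev_id, problem in validate_devices(SAMPLE_DEVICES, tags_used_for_auth=True):
        print(f"{dev_id}: {problem}")
```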
Edit Policy
This dialog lets you add a new security policy to the device or update an existing security policy attached to the device.
Item Name | Description |
---|---|
Priority (Mandatory) | A priority value of the security policy. It must be an integer in the range of 0 to 255. When multiple security policies are set and an interface registered on the device is connected to OpenFlow Switches or AMF Members, the security policies are checked for a match in order, starting with the lowest priority value. |
Network | ID of the network which AMF Security assigns the device to. Maximum 100 IDs of the existing networks are shown in the dropdown list. If you enter text in the field, Network IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Network ID, VLAN ID or Note (it shows maximum 100 elements). From the dropdown list, select a Network ID. If the registered device is connected to the OpenFlow Switch, AMF Member (Edge Node), or TQ's AMF Application Proxy, it is connected to the VLAN subnet configured in the network. If the network is not registered in the device (if this setting is blank or the VLAN ID is set to 0 in the network security policy setting), the OpenFlow Switch uses untagged VLAN (subnet without VLAN) and the AMF Member is connected to the VLAN set for the AMF Member. The connection to the VLAN subnet is realized by sending as a tagged VLAN with the set VLAN ID when it is sent to the upper network of the connected OpenFlow Switches and AMF Members. You have to add the network before assigning a device to the network. Refer to Policy Settings > Add Network for the instruction on how to register a network. Also, if the registered device is connected to the TQ's AMF Application Proxy, it depends on the TQ settings. Refer to Quick Tour/What is AMF Security > TQ's AMF Application Proxy/Behavior when using TQ dynamic VLAN. |
Location | Specify a location where the device can access the network. Maximum 100 IDs of the existing locations are shown in the dropdown list. If you enter text in the field, location IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Location ID or Note (it shows maximum 100 elements). From the dropdown list, select a Location ID. If you specify Location, the UnAuth Group can access the network only from OpenFlow Switches and AMF Members in the location. If you do not specify Location, the UnAuth group can access the network from all OpenFlow Switches and AMF Members. You have to add the location before specifying it for a device. Refer to Policy Settings > Add Location for the instructions on how to add locations. |
Schedule | Specify a schedule when the device can access the network. Maximum 100 IDs of the existing schedules are shown in the dropdown list. If you enter text in the field, Schedule IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Schedule ID or Note (it shows maximum 100 elements). From the dropdown list, select a Schedule ID. If you specify a Schedule for a device, the device can access the network only when the schedule is effective. If you do not specify a schedule, a device can always access the network. You have to add the schedule before specifying it for a device. Refer to Policy Settings > Add Schedule for the instruction on how to register a schedule. |
OpenFlow Switch | Specify an OpenFlow Switch from which a device can access the network. Maximum 100 IDs of the existing switches are shown in the dropdown list. If you enter text in the field, switch IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Switch ID, Datapath ID, Upstream Port or Note (it shows maximum 100 elements). From the dropdown list, select a Switch ID. If an OpenFlow Switch is specified for the device, Location for the device is not used. When OpenFlow Switch is specified but a switch port is not, the device can access the network through any port on the switch. |
Switch Port | Specify a switch port through which the device can access the network. It is ignored if an OpenFlow Switch is not specified. |
Indefinite expiration date. | Disable timeout of the flow for the device. This option is useful for devices which do not transmit packets by themselves (e.g. Multifunctional Printers). |
Note: If OpenFlow Switch has access to untagged VLAN (subnet without VLAN) and AMF Member to the VLAN set as AMF Member, depending on the switch setting, the device may be able to connect to the equipment on the control plane.
Note: If a device policy has "OpenFlow Switch", "Switch Port" and "Indefinite expiration date." configured, a flow entry for the device is automatically added to the OpenFlow Switch when the switch establishes a connection to AMF Security.
Thus a passive device can be authenticated without sending packets.
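The Edit Policy rules described for Add Device and Update Device interact: policies are checked from the lowest priority value, an OpenFlow Switch setting replaces Location, a Switch Port without a switch is ignored, and a policy with no Location or Schedule matches everywhere and always. The following added example models those rules so a policy set can be reviewed before it is submitted; it is not AMF Security's implementation, and the `Policy` class, the location and schedule lookups, the switch and port names and the tie-breaking order for equal priorities are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional


@dataclass
class Policy:
    priority: int                    # 0 to 255, lowest value is checked first
    network: Optional[str] = None    # None models a blank Network field
    location: Optional[str] = None   # Location ID
    schedule: Optional[str] = None   # Schedule ID
    switch: Optional[str] = None     # OpenFlow Switch ID
    port: Optional[str] = None       # Switch Port


# Constructed lookups: which switches belong to a location, and when a
# schedule is effective (the page only gives the IDs, not their contents).
LOCATIONS = {"hq-floor3": {"sw-3a", "sw-3b"}}
SCHEDULES = {"office-hours": (time(8, 0), time(18, 0))}


def check_policy(p):
    """Return review findings for one policy (empty list if none)."""
    findings = []
    if not 0 <= p.priority <= 255:
        findings.append("Priority must be an integer in the range 0 to 255")
    if p.port and not p.switch:
        findings.append("Switch Port is ignored because no OpenFlow Switch is set")
    if p.switch and p.location:
        findings.append("Location is not used because an OpenFlow Switch is set")
    return findings


def place_matches(p, switch_id, port):
    if p.switch:                      # switch setting replaces Location
        if p.switch != switch_id:
            return False
        return p.port is None or p.port == port   # no port: any port on the switch
    if p.location:
        return switch_id in LOCATIONS.get(p.location, set())
    return True                       # no Location: every switch


def schedule_matches(p, when):
    if p.schedule is None:
        return True                   # no Schedule: always
    window = SCHEDULES.get(p.schedule)
    if window is None:
        return False                  # unknown Schedule ID never matches here
    start, end = window
    return start <= when.time() < end


def select_policy(policies, switch_id, port, when):
    """Return the first matching policy, checking the lowest priority value first.

    sorted() is stable, so equal priorities keep their list order (assumption).
    """
    for p in sorted(policies, key=lambda p: p.priority):
        if place_matches(p, switch_id, port) and schedule_matches(p, when):
            return p
    return None


# Constructed policy set for one device, deliberately listed out of order.
SAMPLE_POLICIES = [
    Policy(priority=200, network="guest"),   # no Location or Schedule: catch-all
    Policy(priority=10, network="printers", switch="sw-3a", port="port1.0.5"),
    Policy(priority=20, network="office", location="hq-floor3", schedule="office-hours"),
]

if __name__ == "__main__":
    night = datetime(2023, 4, 19, 22, 0)
    hit = select_policy(SAMPLE_POLICIES, "sw-3b", "port1.0.1", night)
    print(hit.network if hit else "no policy matches")
```

The catch-all entry is the one to look for in a review: any policy without Location, Schedule or OpenFlow Switch admits the device wherever the more specific policies do not match.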
Item Name | Description |
---|---|
Bottom of the dialog | |
Submit | Add or update the security policy information. |
Cancel | Cancel the operation for adding or updating policy. |
MAC Address List
This page shows a list of MAC Addresses registered in AMF Security's database.
Item Name | Search | Sort | Note |
---|---|---|---|
MAC Address | × | × | |
Name | × | × | |
Device ID | × | × | |
Note | × | × | |
Device: Tag* | × | × | |
Device: Note* | × | × | |
Item Name | Description |
---|---|
MAC Address | MAC Address which is registered in AMF Security's database. |
Name | Administrative name of the interface (MAC Address). |
Device ID | ID of the device which is associated with the MAC Address. When clicked, the Update Device page for the device is displayed. |
Note | Arbitrary string (comment) for the MAC Address. |
Item Name | Description |
---|---|
Page Top | |
Active Device List | Open the Active Device List page. |
MAC Address List | |
Delete Selected | Delete all the checked MAC Addresses. |
Edit | Open the Update Device page for a device associated with the MAC Address. |
Delete | Delete the MAC Address. |
Active Device List
This page shows a list of the devices which are connected to the OpenFlow Switches managed by AMF Security, and the devices which are authenticated by, or have actions applied by, AMF Application Proxy.
If you have set up Account Group, the MAC Addresses of the following devices are listed: of the devices connected to the OpenFlow Switches and AMF Members managed by AMF Security, the devices under the OpenFlow Switches and AMF Members belonging to the Account Group to which the logged-in Account belongs.
The page also lets administrators manually run actions such as block or quarantine on selected devices.
◼ About AW+ AMF Application Proxy Whitelist and AMF Application Proxy Blacklist
For the devices which are applied actions by AMF Application Proxy, information retrieved from an AMF Master is listed.
Because AMF Application Proxy Whitelist and Blacklist operate independently, information shown on the Device > Active Device List page may be different from the status held by Edge Nodes.
When a device authenticated by AMF Application Proxy Whitelist becomes unauthenticated without a linkdown event, information on the device is deleted from Edge Nodes but it remains "Authorized" on the Device > Active Device List page.
- Example 1
When a device authenticated by AMF Application Proxy Whitelist has a blocking action applied, the device is shown as both "Authorized" and "Blocked" on the Device > Active Device List page.
In this case, blocking action is being applied to the node.
- Example 2
When the session timeout is expired for a device authenticated by AMF Application Proxy Whitelist, information on the device is deleted from Edge Nodes but it remains "Authorized" on the Device > Active Device List page.
In this case, no log message or notification email is generated even when the device is re-authenticated.
◼ About TQ's AMF Application Proxy
TQ's AMF Application Proxy Whitelist and Blacklist work together.
When a device authenticated by AMF Application Proxy Whitelist has a blocking action applied, the device is shown as "Blocked" on the Device > Active Device List page.
Item Name | Search | Filter | Sort | Note |
---|---|---|---|---|
MAC Address | △* | − | × | |
Device ID | △*1 | − | △*2 | |
Connected Switch | △*1 | − | △*2 | |
Connecting Network | △*1 | − | △*2 | |
Status | × | × | △* | |
Item Name | Description |
---|---|
MAC Address | The MAC Address and vendor name managed by AMF Security are displayed. When the device is blocked by an IP Address, the IP Address is also displayed. (OpenFlow and AW+ AMF Application Proxy only) When you click the MAC or IP Address, the Active Device Detail page for the device is displayed. |
Device ID | ○ OpenFlow ID of the device which is associated with the MAC Address. ○ AMF Application Proxy (AW+/TQ) ID of the device which is associated with the MAC Address. |
Connected Switch | ○ OpenFlow Displays the following items of the OpenFlow Switch to which the device is connected: IPv4 Address, OpenFlow Switch port name, OpenFlow port number. When Account Group is set, only OpenFlow Switches belonging to the Account Group to which the logged-in Account belongs are displayed. IPv4 Address is shown in the form of "ip=IPv4 Address". When clicking an address after "ip=", the Switches > OpenFlow Switch Detail page is displayed. If the switch is registered in AMF Security's database, its Switch ID is also displayed in the form of "id=Switch ID". When clicking a string after "id=", the Switches > Update OpenFlow Switch page is displayed. The OpenFlow Port Number and Port Name of the connected OpenFlow Switch are displayed in the format of "port=OpenFlow Port Number (Port Name)". A link status of a port is either up or down for AlliedWare Plus switches. A link status is always up for AT-TQ series wireless LAN access points. ○ AMF Application Proxy (AW+) Edge node to which authentication and AMF Action are applied by AMF Application Proxy Whitelist, and the Port Name of the edge node Switch. When Account Group is set, only AMF Members belonging to the Account Group to which the logged-in Account belongs are displayed. Edge Node is displayed in the format "id=Edge Node Name". The IPv4 Address of the Edge Node Switch is displayed in the format of "ip=IPv4 Address". Also, the port name of the edge node Switch is displayed in the format of "port=(Port Name)". If the AMF Action displayed in the status is "IP filter", the port name is not displayed. ○ AMF Application Proxy (TQ) Displays the IPv4 Address and port name of the TQ to which the device is connected. IPv4 Address is shown in the form of "ip=IPv4 Address". In addition, the TQ port name is displayed in the format of "port= (Port Name)". The link status of the port is always "unknown". |
Connecting Network | ○ OpenFlow/AMF Application Proxy (TQ) VLAN ID and Network ID of the network to which the MAC Address is connected. VLAN ID and Network ID are shown in the form of "vlan=VLAN ID" and "id=Network ID" respectively. When clicking a string after "id=", the Policy Settings > Update Network page is displayed. A blocked device is shown with "No Connection". ○ AMF Application Proxy VLAN ID and Network ID of the network to which the MAC Address is connected. VLAN ID and Network ID are shown in the form of "vlan=VLAN ID" and "id=Network ID" respectively. When clicking a string after "id=", the Policy Settings > Update Network page is displayed. No Connecting Network is displayed for devices which are applied actions. |
Status | ○ OpenFlow/AMF Application Proxy (TQ) Current status of the MAC Address. For "Authorized", "Blocked", "Quarantined" or "Log-Only" actions, you can go to the Policy Settings > Action Detail page for the action by clicking its Action ID (a string after "action="). ○ AMF Application Proxy Current status of the MAC Address. For "Blocked", "Link-Down", "IP-Filter", "Quarantined" and "Log-Only" action, ID of the action which is performing the action is shown in the form of "action=Action ID" with the "Delete" button beside it. You can go to the Policy Settings > Action Detail page by clicking a string after "action=". |
Port Name | Description |
---|---|
AlliedWare Plus Devices | |
portX.Y.Z | X: always "1". Y: Expansion bay number, "0" for a base (non-expansion) port. Z: Port number printed on the product. It is different from OpenFlow port number. |
AT-TQ series wireless access point | |
wlanX | radio interface. |
athX | radio interface. |
wdevXapY | radio interface. |
Item Name | Description |
---|---|
Page Top | |
Search Devices | Open the Search Devices dialog. Once the search begins, the label of the "Search Device" button changes to "Cancel Search". Progress of the search operation is displayed in the "Search Progress" text box under the button. |
Cancel Search | Cancel the search operation. It is only available when the search is in progress. |
Action List | Open the Policy Settings > Action List page. |
Export to CSV | Start downloading a list of devices in CSV format. |
Refresh | Refresh the Active Device List page. |
Active Device List | |
Disconnect Selected | ○ OpenFlow/AMF Application Proxy (TQ) Temporarily disconnect all the checked MAC Addresses from the network. Because this operation is temporary, disconnected devices can reconnect to the network as they have appropriate permissions. ○ AMF Application Proxy This operation is not for a device which is applied an AMF action. However, the operation is applicable if the same MAC Address is also listed for OpenFlow. ○ AMF Application Proxy Whitelist Temporarily disconnect all the checked MAC Addresses from the network. Because this operation is temporary, disconnected devices can reconnect to the network as they have appropriate permissions. |
Device ID | |
Submit | (Only displayed when the MAC Address is unregistered) Open the Add Device dialog to add the MAC Address as a new device or an additional interface of an existing device. You can select whether to add the address as a new device or to associate it with an existing device on the Add Device dialog. |
Static Register * | (Only displayed when the MAC Address is unregistered and the OpenFlow Switch it is connected to is registered) Open the Device > Add Device page to add the MAC Address as a new device. The MAC Address is added with the OpenFlow Switch's IPv4 Address and its port as its location. |
Status | |
Delete | (Only displayed if an action is running on the MAC Address) Delete the action. |
End of Each Row | |
Disconnect | ○ OpenFlow/AMF Application Proxy (TQ) Temporarily disconnect the MAC Addresses from the network. Because this operation is temporary, disconnected devices can reconnect to the network as they have appropriate permissions. ○ AMF Application Proxy This operation is not for a device which is applied an AMF action. However, the operation is applicable if the same MAC Address is also listed for OpenFlow. ○ AMF Application Proxy Whitelist Temporarily disconnect the MAC Addresses from the network. Because this operation is temporary, disconnected devices can reconnect to the network as they have appropriate permissions. |
Block * | Block the traffic from the MAC Address. The MAC Address cannot access the network unless the action is deleted. The "Block" button is disabled when the MAC Address is being blocked. |
Quarantine * | Move the MAC Address to the quarantine network. The "Quarantine" button is disabled when the MAC Address is being quarantined. |
Note: Refer to Appendix/CSV File for CSV Files.
The VLAN ID of the OpenFlow Quarantine network and the VLAN ID of the AMF Application Proxy(TQ) can be set on the System Settings > OpenFlow Settings page and AMF > TQ Setting page (common setting).
Add Device
By clicking the "Register" button for an unregistered MAC Address on the Device > Active Device List page, you can add the MAC Address as a new device or associate the MAC Address with an existing device.
Item Name | Description |
---|---|
Register this MAC Address as a new device. | Add the MAC Address specified on the Active Device List page as an interface of a new device. |
Add this MAC Address to an existing device. | Add the MAC Address specified on the Active Device List page as an additional interface of an existing device. |
Device | When you select "Add this MAC Address to an existing device.", specify a Device ID to which the MAC Address is associated. Maximum 100 device IDs are shown in the dropdown list. If you enter text in the field, device IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Device ID, Tag or Note (it shows maximum 100 elements). From the dropdown list, select a Device ID for the device. |
Item Name | Description |
---|---|
Bottom of the dialog | |
Submit | Add a new MAC Address as a new device or a new interface of an existing device. The Device > Add Device page is displayed if you selected "Add the MAC Address as an interface of a new device.", while the Device > Update Device page is displayed if you selected "Add this MAC Address to an existing device.". On the Add Device or the Update Device page, the MAC Address is automatically added to the "Interfaces" for the device. Enter additional data such as Device ID, Tag, Note, security policies and other interfaces as required, then click "Submit". |
Cancel | Cancel the operation for adding the MAC Address. |
Search Devices
When you click the "Search Devices" button on the Device > Active Device List page, the following dialog appears and lets you specify a range of IP Addresses to search.
Item Name | Description |
---|---|
Search Range | Enter an IPv4 Address or an IPv4 Address range to search for devices. An IPv4 Address range can be specified in one of the following formats: xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx (the first and the last address in the range); xxx.xxx.xxx.xxx/xx (a base IPv4 Address and a mask length); xxx.xxx.xxx.xxx or xxx.xxx.xxx.xxx/32 (a single IP Address). |
Probe ARP or ARP | Select a search method from "Probe ARP" and "ARP". Also specify a Sender IP when using ARP. |
Sender IP | Specify this only when you select "ARP". |
OpenFlow Switches / AMF Members | ○ OpenFlow Specify OpenFlow Switches to send out search packets by selecting Switch IDs from the list on the Switches > OpenFlow Switch List page. Multiple OpenFlow Switches can be specified by separating each ID with a semicolon (;). When no Switch ID is specified, all connected OpenFlow Switches send out search packets. ○ AMF Application Proxy Specify AMF Member names to send out search packets. Multiple AMF Members can be specified by separating each name with a semicolon (;). When no AMF Member is specified, all connected AMF Members send out search packets. |
Note: Make sure to specify a Sender IP which is not used in the target address range.
When specifying the first and the last address, make sure that the number of IP Addresses is 4,094 or less.
Specify the subnet mask length in the range of 20 to 32 bit mask.
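The Search Range formats and the three limits in the note above (a Sender IP outside the target range, at most 4,094 addresses for a first-last range, a mask length of 20 to 32) can be checked before a search is started. The following is an added example, not code from AMF Security: the function names are constructed, and it assumes that a base address with host bits set is accepted and masked.

```python
import ipaddress

MAX_RANGE_ADDRESSES = 4094        # limit for the first-last format
MIN_PREFIX, MAX_PREFIX = 20, 32   # allowed mask lengths
METHODS = ("Probe ARP", "ARP")


def parse_search_range(text):
    """Parse one of the three Search Range formats.

    Returns (first, last) as IPv4Address objects; raises ValueError otherwise.
    """
    text = text.strip()
    if "-" in text:                                   # first-last
        lo, _, hi = text.partition("-")
        first = ipaddress.IPv4Address(lo.strip())
        last = ipaddress.IPv4Address(hi.strip())
        if last < first:
            raise ValueError("last address is lower than first address")
        count = int(last) - int(first) + 1
        if count > MAX_RANGE_ADDRESSES:
            raise ValueError(f"range holds {count} addresses, limit is {MAX_RANGE_ADDRESSES}")
        return first, last
    if "/" in text:                                   # base address and mask length
        addr, _, plen = text.partition("/")
        if not plen.isdigit() or not MIN_PREFIX <= int(plen) <= MAX_PREFIX:
            raise ValueError(f"mask length must be {MIN_PREFIX} to {MAX_PREFIX}")
        # strict=False masks host bits in the base address (assumption).
        net = ipaddress.IPv4Network(f"{addr.strip()}/{plen}", strict=False)
        return net[0], net[-1]
    single = ipaddress.IPv4Address(text)              # single address
    return single, single


def check_search_request(range_text, method, sender_ip=None):
    """Return a list of problems with a search request (empty list if none)."""
    problems = []
    if method not in METHODS:
        problems.append(f"search method must be one of {METHODS}")
    try:
        first, last = parse_search_range(range_text)
    except ValueError as exc:
        return problems + [f"Search Range: {exc}"]
    if method == "ARP":
        if not sender_ip:
            problems.append("Sender IP is required when using ARP")
        else:
            try:
                sender = ipaddress.IPv4Address(sender_ip.strip())
            except ValueError as exc:
                problems.append(f"Sender IP: {exc}")
            else:
                # A sender address inside the searched range could collide
                # with a device that is being searched for.
                if first <= sender <= last:
                    problems.append("Sender IP is inside the target address range")
    return problems


if __name__ == "__main__":
    # Constructed requests using documentation address ranges.
    for request in (
        ("192.0.2.0/24", "ARP", "192.0.2.5"),
        ("192.0.2.0/24", "ARP", "198.51.100.1"),
        ("10.0.0.0/19", "Probe ARP", None),
        ("10.0.0.0-10.0.16.0", "Probe ARP", None),
    ):
        print(request, "->", check_search_request(*request) or "ok")
```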
Item Name | Description |
---|---|
Bottom of the dialog | |
Search | Start search on the input IPv4 Address(es). Clicking the "Search" button brings you back to the Active Device List page. Once the search begins, the label of the "Search Device" button changes to "Cancel Search". Progress of the search operation is displayed in the "Search Progress" text box under the button. |
Cancel | Cancel the search operation. |
Active Device Detail
When clicking a MAC Address or "Status" on the Device > Active Device List page, detailed information of the selected device is displayed.
Item Name | Description |
---|---|
MAC Address | The MAC Address and vendor name managed by AMF Security are displayed. |
IPv4 Address | IPv4 Address of the device. It is displayed only if it is known. |
Device ID | ID of the device which is associated with the MAC Address. |
Status | Current status of the MAC Address. ○ OpenFlow/AMF Application Proxy (TQ) |
Updated Date / Time | The last time the status of the device changed. |
Connecting Network | VLAN ID and Network ID of the network to which the MAC Address is connected. VLAN ID and Network ID are shown in the form of "vlan=VLAN ID" and "id=Network ID" respectively. When clicking a string after "id=", the Policy Settings > Update Network page is displayed. |
Action Originator | Shows the name of a system which requests the device authentication or running action on the device. |
Action Reason | Shows a reason which is provided by the Action Originator. If the action is triggered by a notification from an interacting application, contents of the notification syslog message or SNMP trap message is shown. |
Note: In AW+ AMF Application Proxy, the firmware version of both the proxy node and the edge node must be 5.5.0-0.x or later to display the "Action Originator" item and the "Action Reason" item.
Item Name | Description |
---|---|
Page Top | |
Back | Go back to the Active Device List page. |
Refresh | Refresh the Active Device Detail page. |
19 Apr 2023 14:12