Cabletron Systems EMM-E6 manual Source Address Locking on Older Devices

Page 80

Source Addressing

NOTE

Remember, you must have SuperUser (SU) access to the device in order to lock or unlock ports.

In addition to activating the security measures as conﬁgured via the Security application, locking source addresses has the following effects:

•On devices running older versions of ﬁrmware, unlinked ports will be disabled immediately after locking has been enabled; these ports can be re- enabled using their port menus, but they will immediately be disabled again if a device is connected and begins transmitting (since the port’s source address table was locked in an empty state). On devices with newer ﬁrmware, unlinked ports are not automatically disabled in response to port locking, but they, too, will be immediately disabled if a device is connected and attempts to transmit packets.

•Although the Source Aging Interval does not apply to station ports when Source Address Locking is enabled, the snapshot of the SAT provided by the Source Address List window may show a learned source address aging out if that address remains inactive, and the appropriate trap will be generated.

•Once Source Address Locking has been enabled, each port’s topology status (station or trunk) remains ﬁxed and will not change while locking remains enabled, regardless of any changes in the number of source addresses detected.

•If Source Address Locking has been enabled, and one or more ports have been shut down because a new source address attempted access, those ports will remain disabled even after the EMM-E6 has been reset, and must be re-enabled manually.

Source Address Locking on Older Devices

If your EMM-E6 is running a ﬁrmware version previous to 2.00.16, Source

Address Locking is implemented somewhat differently:

•Station ports are deﬁned as those detecting zero or one source address; trunk ports as those detecting two or more.

•If a locked station port experiences a violation, the port will be automatically disabled and no trafﬁc will be allowed through — not even trafﬁc from the known source address.

•Trunk ports are never locked.

•Unlinked ports are immediately disabled.

•The Source Aging Interval does not apply to locked station ports.

6-6	Locking Source Addresses

Image 80

Contents EMM-E6 Page Virus Disclaimer Restricted Rights Notice Contents Chapter Source Addressing Chapter SecurityChapter Front Panel Redundancy Appendix a EMM-E6 MIB StructureContents Using the EMM-E6 User’s Guide IntroductionUsing the EMM-E6 User’s Guide What’s not in the EMM-E6 User’s Guide UPSConventions Screen Displays Window ConventionsUsing the Mouse ButtonGetting Help EMM-E6 Firmware Year 2000 ComplianceUsing the EMM-E6 Hub View Using the Hub ViewNavigating Through the Hub View Hub View Front PanelUptime Date and TimeDevice Name Device LocationUsing the EMM-E6 Hub View EMM-E6 Ports Display Using the Mouse in a Hub View Module Brim PortsHub View Port Color Codes Port Display FormMonitoring Hub Performance Port Display Form Errors LoadTrafﬁc CollisionsPort Type ProtocolsFrame Sizes Using the EMM-E6 Hub View Contact Checking Device Status and Updating Front Panel InfoName and Location Checking Network Status Chassis TypeName Active UsersChecking Module Status Module TypeChecking Port Status Link StatusStatus Media TypeViewing the IP Address Table Topology TypeLaunching the Global Find MAC Address Tool Checking StatisticsUsing the EMM-E6 Hub View Received Bytes Total PacketsAvg Packet Size Broadcast PacketsTotal Errors Alignment ErrorsCRC Errors OOW CollisionsRunt Frames Giant FramesViewing the Port Source Address List Protocols/Frames StatisticsUsing the EMM-E6 Hub View Setting the Polling Intervals Managing the HubContact Status Device General StatusConﬁguring FNB Connections Device ConﬁgurationPort Operational State StatisticsConﬁguring RIC MIM Connections To conﬁgure FNB connectivity for an individual port Setting a Port’s Trunk Type 15. Tpxmim Channel Selection WindowTo change a port’s topology status Enabling/Disabling MIM Ports Alarm Conﬁguration Using Alarm Conﬁguration From the command line stand-alone modeFrom the icon From the Hub ViewConﬁguring Alarms CRCSetting Repeater Alarms BroadcastSetting and Changing Alarms Set Repeater Alarms WindowSetting Module and Port Alarms Setting Module AlarmsSet Module Alarms Window Set the Status to EnabledSetting Port Alarms Set Port Alarms WindowSet the Status to Enabled Alarm Conﬁguration Setting Module and Port Alarms What is a Segmentation Trap? Link/Seg TrapsWhat is a Link Trap? Enabling and Disabling Link/Seg TrapsSpmarun r4hwtr IP address community name Conﬁguring Link/Seg Traps for the Repeater Viewing and Conﬁguring Link/Seg Traps for Hub ModulesModule Traps Window Viewing and Conﬁguring Link/Seg Traps for Ports Port Traps WindowLink/Seg Traps Link/Seg Traps Enabling and Disabling Link/Seg Traps Setting Network Circuit Redundancy Repeater RedundancyConﬁguring a Redundant Circuit Spmarun r4red IP address community nameChannel X Redundancy Window Add Circuit Address Window Repeater Redundancy Monitoring Redundancy To set the Poll IntervalSource Addressing Displaying the Source Address ListDisplaying the Source Address List Source Addressing Setting the Hash Type Setting the Aging TimeLocking Source Addresses Source Address Locking on Older Devices Conﬁguring Source Address Traps Repeater-level Traps Module- and Port-level Traps Source Addressing Finding a Source Address Port Source Address Traps WindowClick on to exit the window Security What is LANVIEWSECURE? Spmarun r4sec IP address SU community nameTrunk port security New deﬁnitions for station and trunk portsSecure address assignment Newest Lanviewsecure Features Continuous learning modeConﬁgurable violation response Full or partial security against eavesdroppingForced non-secure status Learned addresses resetSecurity on Non-LANVIEWSECUREMIMs Conﬁguring Security Security To assign secure addresses to a port Addresses Window Boards with Multiple Caches Add MAC Address WindowResetting Learned Addresses Tips for Successfully Implementing Eavesdropper ProtectionEnabling Security and Traps Security Repeater-level Security and Traps Channel X Security WindowModule-level Security and Traps Channel X Module Security Window Port-level Security and Traps Channel X Port Security WindowSecurity Setting Front Panel Redundancy Front Panel RedundancySetting Front Panel Redundancy Add Circuit Address Window Front Panel Redundancy Setting Front Panel Redundancy Ietf MIB Support EMM-E6 MIB StructureMIB Components Chassis MGRHost Services IP ServicesRepeater One, Repeater Two, and Repeater Three Ctron Use OnlyRmon Default Distributed LAN MonitorMIB Navigator Rmon HostBrief Word About MIB Components and Community Names EMM-E6 MIB Structure Index Index-2 Index-3 Index Index-4

Related manuals

Manual 64 pages 974 b