Cabletron Systems EMM-E6 New definitions for station and trunk ports, Secure address assignment


Security

When the LANVIEWSECURE feature is enabled, it provides two kinds of protection: intruder protection will prevent any unauthorized source addresses from communicating with the network via a secure port, and can be configured to secure both station and trunk ports; eavesdropper protection scrambles the data portion of any packet transmitted via a secure port to all but the destination port, and can be extended to broadcast and multicast packets as well as packets destined for a single address. Security is activated by enabling port locking; you can lock and unlock ports and enable or disable traps at the repeater-, module-, and port-level Security windows, as well as via the Source Address windows (see Chapter 6, Source Address, for more information).

TIP: When you lock ports from a repeater-, module-, or port-level Security window, you have the option of setting two lock modes: Full or Continuous. When you lock ports via a Source Address window, the lock setting will default to the Full lock mode. See the section on Continuous Address Learning, below, or Enabling Security and Traps, page 7-12, for more information on these two lock modes.

LANVIEWSECURE includes the following features:

New definitions for station and trunk ports

Under LANVIEWSECURE, station ports are now defined as those detecting zero, one, or two source addresses; trunk ports are defined as those detecting three or more.

Secure address assignment

The first two source addresses detected on any port are automatically secured for both station and trunk ports; you can accept these default addresses as your secure addresses, or you can replace them. In addition, each board contains a floating cache that allows you to assign an additional 32 secure addresses among the ports of your choosing. Some boards even provide multiple caches; see Boards with Multiple Caches, below.

Trunk port security

When locking is enabled, all ports will be secured — including natural trunk ports. (Only ports which have been forced to trunk status will remain unlocked.) Before implementing locking on trunk ports, however, be sure you have secured the necessary source addresses; as with station ports, only the first two detected source addresses are secured by default.

For devices with the newest security firmware (3.11.xx), a port’s topology status (whether it is considered to be a station port or a trunk port) no longer determines its securability; securability is only determined by the number of source addresses in a port’s source address table: any port which detects fewer than 35 source addresses will be locked. Ports which exceed those numbers are designated “unsecurable,” and will be displayed as such in the port-level Security window; in addition, a new feature allows you to force any port to an unsecurable (that is, unlockable) state.
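The rules above can be checked against a port's source address table before locking is enabled, to see which already-detected addresses a lock would reject. The following is an added example, not part of the original manual and not Cabletron code: a small Python model of the station/trunk definition, the two default secure addresses, the 32-entry floating cache and the 3.11.xx securability limit. The class, function names and MAC addresses are constructed for illustration, and forced trunk or forced non-secure ports are not modelled.

```python
from dataclasses import dataclass, field

DEFAULT_SECURE = 2    # first two detected addresses are secured on every port
FLOATING_CACHE = 32   # additional secure addresses shared by one board's ports
UNSECURABLE_AT = 35   # firmware 3.11.xx: fewer than 35 detected => lockable

def topology(seen):
    """Station port: 0, 1 or 2 detected source addresses; trunk: 3 or more."""
    return "station" if len(seen) <= 2 else "trunk"

@dataclass
class Board:
    ports: dict                                  # port -> MACs in detection order
    cache: dict = field(default_factory=dict)    # port -> MACs added from the cache

    def assign(self, port, mac):
        """Spend one floating-cache slot to secure an extra address on a port."""
        if sum(len(v) for v in self.cache.values()) >= FLOATING_CACHE:
            raise ValueError("floating cache is full")
        self.cache.setdefault(port, []).append(mac)

    def secure_set(self, port):
        """Default secure addresses plus any assigned from the floating cache."""
        return set(self.ports[port][:DEFAULT_SECURE]) | set(self.cache.get(port, []))

    def would_block(self, port):
        """Detected addresses a lock would reject; None if port is unsecurable."""
        if len(self.ports[port]) >= UNSECURABLE_AT:
            return None
        allowed = self.secure_set(port)
        return [m for m in self.ports[port] if m not in allowed]

def mac(n):
    """Constructed sample address, not taken from any real device."""
    return "00:00:5e:00:53:%02x" % n

# Constructed source address tables for three ports on one board.
BOARD = Board(ports={
    1: [mac(1), mac(2)],                       # station port
    5: [mac(10), mac(11), mac(12), mac(13)],   # natural trunk port
    9: [mac(n) for n in range(100, 140)],      # 40 addresses: unsecurable
})

if __name__ == "__main__":
    for p in BOARD.ports:
        print(p, topology(BOARD.ports[p]), BOARD.would_block(p))
```

A non-empty list for a trunk port means those stations would lose connectivity once locking is enabled unless their addresses are first assigned from the floating cache.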
