Cabletron Systems EMM-E6 manual Newest Lanviewsecure Features, Configurable violation response


Security

TIP

If your EMM-E6 is running firmware more recent than 2.00.16 and previous to 3.11.xx, you will not have the ability to force a port to unsecurable status; however, for firmware versions in that range, ports which have been forced to trunk status will not be locked, so you can use the force trunk feature — available from the Hub View port menus — to render a port unsecurable if you wish.

Configurable violation response

Before LANVIEWSECURE, any locked port which experienced a violation was shut down automatically; now, you can choose to allow ports to remain enabled even after an unsecured address has attempted to access a locked port. If you choose not to disable a port which has experienced a violation, however, the port’s only response to an intruder will be to issue a trap after the first violation; all packets, regardless of source address, will be allowed to pass. Ports in this state still have active eavesdropper protection (see definition below), and all packets addressed to any destination other than the secured address(es) will be scrambled.

Full or partial security against eavesdropping

In addition to the enhanced intruder protection features described above, LANVIEWSECURE provides protection against eavesdroppers by scrambling the data portion of each packet to all ports except the port on which the destination address has been secured — in other words, the only port that will receive the packet in an unscrambled (readable) format is the port to which the packet was addressed. Two levels of eavesdropper protection are provided: full security scrambles all packets not specifically destined to the secured port, including broadcasts and multicasts; partial security scrambles only unicast packets.

The Newest LANVIEWSECURE Features

Additional LANVIEWSECURE features available on the newest firmware versions (3.11.xx) include:

Continuous learning mode

When configuring security on the newest LANVIEWSECURE devices, you can now choose between two levels of lock status: Full lock status, which behaves as locking has always done, and Continuous lock status, which essentially disables intruder protection by allowing the port to continue to learn new source addresses even when in a locked state. In this state, eavesdropper protection is still active, and will adjust so that packets addressed to the current learned address for a secured port are not scrambled.

NOTE

Locking ports from a Source Address window automatically provides Full lock status; however, locking ports from the repeater- or module-level Source Address window does not override any existing Continuous lock status settings.
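
The port behaviour described in this section (violation response, full or partial eavesdropper protection, and Continuous lock status) can be modelled in a few lines of Python. This is an added example, not Cabletron code or the device's firmware logic; the `Port` class, its field names and the sample MAC addresses are constructed for illustration, and replacing the single learned address under Continuous lock is an assumption drawn from the phrase "current learned address".

```python
from dataclasses import dataclass, field

# Constructed sample addresses (locally administered unicast, plus broadcast).
A, B, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:02", "ff:ff:ff:ff:ff:ff"

def is_group(mac: str) -> bool:
    """Broadcast and multicast addresses have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1

@dataclass
class Port:
    secured: set = field(default_factory=set)  # secured (or learned) addresses
    lock: str = "full"                  # "full" or "continuous"
    disable_on_violation: bool = True   # the configurable violation response
    eavesdrop: str = "full"             # "full" or "partial"
    enabled: bool = True
    trap_sent: bool = False

    def ingress(self, src: str) -> str:
        """Intruder protection: classify a frame arriving on this port."""
        if not self.enabled:
            return "port disabled"
        if src in self.secured:
            return "pass"
        if self.lock == "continuous":
            # Assumption: the newly learned address replaces the previous one.
            self.secured = {src}
            return "pass (learned)"
        if self.disable_on_violation:
            self.enabled = False
            return "violation: port disabled"
        # Port stays enabled: a trap on the first violation, then frames pass.
        if not self.trap_sent:
            self.trap_sent = True
            return "violation: trap, pass"
        return "pass"

    def egress(self, dst: str) -> str:
        """Eavesdropper protection: how a repeated frame leaves this port."""
        if dst in self.secured:
            return "clear"
        if is_group(dst) and self.eavesdrop == "partial":
            return "clear"  # partial security scrambles only unicast packets
        return "scrambled"
```

The model makes the trade-off visible: a port left enabled after a violation, or set to Continuous lock, keeps scrambling traffic for other stations but no longer blocks the unknown sender.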
