Cabletron Systems EMM-E6 manual Security on Non-LANVIEWSECUREMIMs, Forced non-secure status

Page 91

Security

Forced non-secure status

With the original version of LANVIEWSECURE, all ports except those which had been forced to trunk status could be locked, and would be locked automatically if locking were enabled at the repeater or module level. With the enhanced version of LANVIEWSECURE, this has changed in two ways: first, any port which has more than 35 addresses in its source address table (or exactly 35 addresses through two consecutive aging times) is automatically considered unsecurable and cannot be locked while in this state; and second, you can force any port into this unsecurable state (as long as it is not already locked).

Learned addresses reset

By selecting the Reset Learned Addresses option in the repeater-, board-, or port- level Security window, you can clear all learned and secured addresses out of the selected port(s) address table, and allow that port to begin learning (and securing) new addresses. Note that you cannot reset learned addresses on a locked port or on a port which is designated unsecurable.

NOTE

You cannot reset learned addresses or force non-secure status on a port which is already locked; in order to implement either of those features, you must first unlock the port.

Security on Non-LANVIEWSECUREMIMs

LANVIEWSECURE features as described above apply in total only to repeater MIMs designated as LANVIEWSECURE (as indicated by a label on the front panel and an “S” appended to the module name) and apply only to ports communicating via FNB channels B or C. Some of the enhanced security features, however, will apply to all MIMs installed in your EMM-E6-controlled hub, regardless of their channel assignment or LANVIEWSECURE status:

New definitions for station and trunk ports

All ports in your EMM-E6-controlled hub will be defined as station or trunk ports according to the new definitions: station ports are those detecting zero, one, or two source addresses; trunk ports are those detecting three or more.

Secure address assignment

Up to two source addresses detected on any station port are still automatically secured, and you can still accept or replace these default addresses. However, you cannot assign more than two secure addresses to any port (as there is no floating cache available), and neither natural nor forced trunk ports will ever be locked while in a trunk state.

What is LANVIEWsecure?

7-5

Page 90 Page 92
Image 91
Page 90 Page 92
Contents EMM-E6 Page Virus Disclaimer Restricted Rights Notice Contents Chapter Security Chapter Source AddressingAppendix a EMM-E6 MIB Structure Chapter Front Panel RedundancyContents Introduction Using the EMM-E6 User’s GuideUsing the EMM-E6 User’s Guide UPS What’s not in the EMM-E6 User’s GuideConventions Window Conventions Screen DisplaysButton Using the MouseGetting Help Year 2000 Compliance EMM-E6 FirmwareUsing the Hub View Using the EMM-E6 Hub ViewHub View Front Panel Navigating Through the Hub ViewDevice Location UptimeDate and Time Device NameUsing the EMM-E6 Hub View EMM-E6 Ports Display Brim Ports Using the Mouse in a Hub View ModulePort Display Form Hub View Port Color CodesMonitoring Hub Performance Port Display Form Collisions ErrorsLoad TrafficFrame Sizes ProtocolsPort Type Using the EMM-E6 Hub View Name and Location Checking Device Status and Updating Front Panel InfoContact Chassis Type Checking Network StatusActive Users NameModule Type Checking Module StatusLink Status Checking Port StatusMedia Type StatusTopology Type Viewing the IP Address TableChecking Statistics Launching the Global Find MAC Address ToolUsing the EMM-E6 Hub View Broadcast Packets Received BytesTotal Packets Avg Packet SizeOOW Collisions Total ErrorsAlignment Errors CRC ErrorsGiant Frames Runt FramesProtocols/Frames Statistics Viewing the Port Source Address ListUsing the EMM-E6 Hub View Managing the Hub Setting the Polling IntervalsDevice General Status Contact StatusStatistics Configuring FNB ConnectionsDevice Configuration Port Operational StateConfiguring RIC MIM Connections To configure FNB connectivity for an individual port 15. Tpxmim Channel Selection Window Setting a Port’s Trunk TypeTo change a port’s topology status Enabling/Disabling MIM Ports Alarm Configuration From the Hub View Using Alarm ConfigurationFrom the command line stand-alone mode From the iconCRC Configuring AlarmsBroadcast Setting Repeater AlarmsSet Repeater Alarms Window Setting and Changing AlarmsSetting Module Alarms Setting Module and Port AlarmsSet the Status to Enabled Set Module Alarms WindowSet Port Alarms Window Setting Port AlarmsSet the Status to Enabled Alarm Configuration Setting Module and Port Alarms Link/Seg Traps What is a Segmentation Trap?Enabling and Disabling Link/Seg Traps What is a Link Trap?Spmarun r4hwtr IP address community name Viewing and Configuring Link/Seg Traps for Hub Modules Configuring Link/Seg Traps for the RepeaterModule Traps Window Port Traps Window Viewing and Configuring Link/Seg Traps for PortsLink/Seg Traps Link/Seg Traps Enabling and Disabling Link/Seg Traps Repeater Redundancy Setting Network Circuit RedundancySpmarun r4red IP address community name Configuring a Redundant CircuitChannel X Redundancy Window Add Circuit Address Window Repeater Redundancy To set the Poll Interval Monitoring RedundancyDisplaying the Source Address List Source AddressingDisplaying the Source Address List Source Addressing Setting the Aging Time Setting the Hash TypeLocking Source Addresses Source Address Locking on Older Devices Configuring Source Address Traps Repeater-level Traps Module- and Port-level Traps Source Addressing Port Source Address Traps Window Finding a Source AddressClick on to exit the window Security Spmarun r4sec IP address SU community name What is LANVIEWSECURE?Secure address assignment New definitions for station and trunk portsTrunk port security Full or partial security against eavesdropping Newest Lanviewsecure FeaturesContinuous learning mode Configurable violation responseSecurity on Non-LANVIEWSECUREMIMs Learned addresses resetForced non-secure status Configuring Security Security To assign secure addresses to a port Addresses Window Add MAC Address Window Boards with Multiple CachesTips for Successfully Implementing Eavesdropper Protection Resetting Learned AddressesEnabling Security and Traps Security Channel X Security Window Repeater-level Security and TrapsModule-level Security and Traps Channel X Module Security Window Channel X Port Security Window Port-level Security and TrapsSecurity Front Panel Redundancy Setting Front Panel RedundancySetting Front Panel Redundancy Add Circuit Address Window Front Panel Redundancy Setting Front Panel Redundancy EMM-E6 MIB Structure Ietf MIB SupportChassis MGR MIB ComponentsCtron Use Only Host ServicesIP Services Repeater One, Repeater Two, and Repeater ThreeRmon Host Rmon DefaultDistributed LAN Monitor MIB NavigatorBrief Word About MIB Components and Community Names EMM-E6 MIB Structure Index Index-2 Index-3 Index Index-4
Related manuals
Manual 64 pages 974 b
Top Page Image Contents