Cabletron Systems EMM-E6 manual To assign secure addresses to a port

Page 94

Security

2.In the On Violation field, click to selectdisable if you want the port or ports to be disabled if any unauthorized source address is detected, or select noDisable if you wish the port to remain operational after a violation. Note that selecting the noDisable option effectively removes intruder protection from the selected ports: a trap will be sent after the first violation, but all packets, regardless of source address, will be allowed to pass. Ports in this state still have active eavesdropper protection.

NOTE

Any ports which are disabled in response to a violation will remain disabled even after the EMM-E6 has been reset, and must be re-enabled manually. See Enabling /Disabling MIM Ports in Chapter 2 for more information.

3.The Security Level field allows you to select which packets not addressed to the selected ports will be scrambled: click to select partial if you wish to scramble the data portion of all packets except broadcasts and multicasts; select full if you wish to scramble broadcasts and multicasts as well. Note that scrambling can only be applied to LANVIEWSECURE MIMs operating on channels B or C; this field will be grayed out if one or more non- LANVIEWSECURE MIM ports has been selected in the list box.

4.Use the Force NonSecure field to designate which ports should be securable (that is, lockable) and which should be unsecurable. By definition, any LANVIEWSECURE port with more than 35 addresses in its source address table (or exactly 35 for two consecutive aging times) is unsecurable, as are any non-LANVIEWSECUREports with more than 3 addresses (or exactly 3 for two consecutive aging times). Unsecurable ports — whether forced or natural

— cannot be locked, and will be designated in the list box as Unsecurable.

NOTE

You cannot force a port to Unsecurable status if it is already locked.

5.Click on to save your changes; the new Security Level and violation response settings will be displayed in the list box.

To assign secure addresses to a port:

1.Click to select a single port in the list box; the button will be activated.

2.Click on ; the Addresses window, Figure 7-3, will appear.

7-8

Configuring Security

Image 94
Contents EMM-E6 Page Virus Disclaimer Restricted Rights Notice Contents Chapter Source Addressing Chapter SecurityChapter Front Panel Redundancy Appendix a EMM-E6 MIB StructureContents Using the EMM-E6 User’s Guide IntroductionUsing the EMM-E6 User’s Guide What’s not in the EMM-E6 User’s Guide UPSConventions Screen Displays Window ConventionsUsing the Mouse ButtonGetting Help EMM-E6 Firmware Year 2000 ComplianceUsing the EMM-E6 Hub View Using the Hub ViewNavigating Through the Hub View Hub View Front PanelDevice Name UptimeDate and Time Device LocationUsing the EMM-E6 Hub View EMM-E6 Ports Display Using the Mouse in a Hub View Module Brim PortsHub View Port Color Codes Port Display FormMonitoring Hub Performance Port Display Form Traffic ErrorsLoad CollisionsFrame Sizes ProtocolsPort Type Using the EMM-E6 Hub View Name and Location Checking Device Status and Updating Front Panel InfoContact Checking Network Status Chassis TypeName Active UsersChecking Module Status Module TypeChecking Port Status Link StatusStatus Media TypeViewing the IP Address Table Topology TypeLaunching the Global Find MAC Address Tool Checking StatisticsUsing the EMM-E6 Hub View Avg Packet Size Received BytesTotal Packets Broadcast PacketsCRC Errors Total ErrorsAlignment Errors OOW CollisionsRunt Frames Giant FramesViewing the Port Source Address List Protocols/Frames StatisticsUsing the EMM-E6 Hub View Setting the Polling Intervals Managing the HubContact Status Device General StatusPort Operational State Configuring FNB ConnectionsDevice Configuration StatisticsConfiguring RIC MIM Connections To configure FNB connectivity for an individual port Setting a Port’s Trunk Type 15. Tpxmim Channel Selection WindowTo change a port’s topology status Enabling/Disabling MIM Ports Alarm Configuration From the icon Using Alarm ConfigurationFrom the command line stand-alone mode From the Hub ViewConfiguring Alarms CRCSetting Repeater Alarms BroadcastSetting and Changing Alarms Set Repeater Alarms WindowSetting Module and Port Alarms Setting Module AlarmsSet Module Alarms Window Set the Status to EnabledSetting Port Alarms Set Port Alarms WindowSet the Status to Enabled Alarm Configuration Setting Module and Port Alarms What is a Segmentation Trap? Link/Seg TrapsWhat is a Link Trap? Enabling and Disabling Link/Seg TrapsSpmarun r4hwtr IP address community name Configuring Link/Seg Traps for the Repeater Viewing and Configuring Link/Seg Traps for Hub ModulesModule Traps Window Viewing and Configuring Link/Seg Traps for Ports Port Traps WindowLink/Seg Traps Link/Seg Traps Enabling and Disabling Link/Seg Traps Setting Network Circuit Redundancy Repeater RedundancyConfiguring a Redundant Circuit Spmarun r4red IP address community nameChannel X Redundancy Window Add Circuit Address Window Repeater Redundancy Monitoring Redundancy To set the Poll IntervalSource Addressing Displaying the Source Address ListDisplaying the Source Address List Source Addressing Setting the Hash Type Setting the Aging TimeLocking Source Addresses Source Address Locking on Older Devices Configuring Source Address Traps Repeater-level Traps Module- and Port-level Traps Source Addressing Finding a Source Address Port Source Address Traps WindowClick on to exit the window Security What is LANVIEWSECURE? Spmarun r4sec IP address SU community nameSecure address assignment New definitions for station and trunk portsTrunk port security Configurable violation response Newest Lanviewsecure FeaturesContinuous learning mode Full or partial security against eavesdroppingSecurity on Non-LANVIEWSECUREMIMs Learned addresses resetForced non-secure status Configuring Security Security To assign secure addresses to a port Addresses Window Boards with Multiple Caches Add MAC Address WindowResetting Learned Addresses Tips for Successfully Implementing Eavesdropper ProtectionEnabling Security and Traps Security Repeater-level Security and Traps Channel X Security WindowModule-level Security and Traps Channel X Module Security Window Port-level Security and Traps Channel X Port Security WindowSecurity Setting Front Panel Redundancy Front Panel RedundancySetting Front Panel Redundancy Add Circuit Address Window Front Panel Redundancy Setting Front Panel Redundancy Ietf MIB Support EMM-E6 MIB StructureMIB Components Chassis MGRRepeater One, Repeater Two, and Repeater Three Host ServicesIP Services Ctron Use OnlyMIB Navigator Rmon DefaultDistributed LAN Monitor Rmon HostBrief Word About MIB Components and Community Names EMM-E6 MIB Structure Index Index-2 Index-3 Index Index-4
Related manuals
Manual 64 pages 974 b