Cabletron Systems EMM-E6 manual Resetting Learned Addresses

Page 97

Security

Resetting Learned Addresses

You can clear all learned and secured addresses out of a port’s address table, and allow that port to begin learning (and securing) new addresses, as follows:

1.In the Repeater Security window, click mouse button 1 on the repeater interface for which you would like to reset learned addresses.

2.Click mouse button 1 on , , or to open the appropriate window.

3.In the Module or Port window, click to select the module(s) or port(s) for which you wish to reset learned addresses.

NOTE

You cannot reset learned addresses for any port which is already locked or in an unsecurable state (either natural or forced). If you select a group of ports which includes one in a locked or unsecurable state, or if you select a module or a repeater which has a port in one of these states, the Reset Learned Addresses option will be unavailable.

4.Click to select the Reset Learned Addresses option. A confirmation window

will appear; click on to reset addresses, or on to cancel. The port’s address table will be cleared of all Learned and Secure addresses, and the learning process will restart.

Tips for Successfully Implementing Eavesdropper Protection

There are a couple of things to note about eavesdropper protection, or scrambling, that must be taken into consideration as you are planning security for your network.

Security can only be implemented by locking a port, and can only be completely disabled by unlocking the port. You cannot enable intruder protection on a LANVIEWSECURE MIM without also enabling eavesdropper protection. You can, however, effectively enable eavesdropper protection alone by selecting the noDisable option for the violation response; selecting noDisable basically eliminates intruder protection, as all packets will be allowed to pass regardless of their source address. (Note, however, that the port will issue a trap after the first violation.) You can also enable eavesdropper protection without intruder protection by selecting the Continuous lock mode; see Enabling Security and Traps, page 7-12, for details.

When locking has been enabled for a channel, packets travelling across the inter-RIC bus on the FNB backplane between MIMs operating on that channel will be scrambled to all but the destination port, and security operates as you would expect it to. However, packets are always transmitted clean to the EMM-E6’s bridge ports, so any packets transmitted to another channel will be

Configuring Security

7-11

Page 96 Page 98
Image 97
Page 96 Page 98
Contents EMM-E6 Page Virus Disclaimer Restricted Rights Notice Contents Chapter Security Chapter Source AddressingAppendix a EMM-E6 MIB Structure Chapter Front Panel RedundancyContents Introduction Using the EMM-E6 User’s GuideUsing the EMM-E6 User’s Guide UPS What’s not in the EMM-E6 User’s GuideConventions Window Conventions Screen DisplaysButton Using the MouseGetting Help Year 2000 Compliance EMM-E6 FirmwareUsing the Hub View Using the EMM-E6 Hub ViewHub View Front Panel Navigating Through the Hub ViewDate and Time UptimeDevice Name Device LocationUsing the EMM-E6 Hub View EMM-E6 Ports Display Brim Ports Using the Mouse in a Hub View ModulePort Display Form Hub View Port Color CodesMonitoring Hub Performance Port Display Form Load ErrorsTraffic CollisionsFrame Sizes ProtocolsPort Type Using the EMM-E6 Hub View Name and Location Checking Device Status and Updating Front Panel InfoContact Chassis Type Checking Network StatusActive Users NameModule Type Checking Module StatusLink Status Checking Port StatusMedia Type StatusTopology Type Viewing the IP Address TableChecking Statistics Launching the Global Find MAC Address ToolUsing the EMM-E6 Hub View Total Packets Received BytesAvg Packet Size Broadcast PacketsAlignment Errors Total ErrorsCRC Errors OOW CollisionsGiant Frames Runt FramesProtocols/Frames Statistics Viewing the Port Source Address ListUsing the EMM-E6 Hub View Managing the Hub Setting the Polling IntervalsDevice General Status Contact StatusDevice Configuration Configuring FNB ConnectionsPort Operational State StatisticsConfiguring RIC MIM Connections To configure FNB connectivity for an individual port 15. Tpxmim Channel Selection Window Setting a Port’s Trunk TypeTo change a port’s topology status Enabling/Disabling MIM Ports Alarm Configuration From the command line stand-alone mode Using Alarm ConfigurationFrom the icon From the Hub ViewCRC Configuring AlarmsBroadcast Setting Repeater AlarmsSet Repeater Alarms Window Setting and Changing AlarmsSetting Module Alarms Setting Module and Port AlarmsSet the Status to Enabled Set Module Alarms WindowSet Port Alarms Window Setting Port AlarmsSet the Status to Enabled Alarm Configuration Setting Module and Port Alarms Link/Seg Traps What is a Segmentation Trap?Enabling and Disabling Link/Seg Traps What is a Link Trap?Spmarun r4hwtr IP address community name Viewing and Configuring Link/Seg Traps for Hub Modules Configuring Link/Seg Traps for the RepeaterModule Traps Window Port Traps Window Viewing and Configuring Link/Seg Traps for PortsLink/Seg Traps Link/Seg Traps Enabling and Disabling Link/Seg Traps Repeater Redundancy Setting Network Circuit RedundancySpmarun r4red IP address community name Configuring a Redundant CircuitChannel X Redundancy Window Add Circuit Address Window Repeater Redundancy To set the Poll Interval Monitoring RedundancyDisplaying the Source Address List Source AddressingDisplaying the Source Address List Source Addressing Setting the Aging Time Setting the Hash TypeLocking Source Addresses Source Address Locking on Older Devices Configuring Source Address Traps Repeater-level Traps Module- and Port-level Traps Source Addressing Port Source Address Traps Window Finding a Source AddressClick on to exit the window Security Spmarun r4sec IP address SU community name What is LANVIEWSECURE?Secure address assignment New definitions for station and trunk portsTrunk port security Continuous learning mode Newest Lanviewsecure FeaturesConfigurable violation response Full or partial security against eavesdroppingSecurity on Non-LANVIEWSECUREMIMs Learned addresses resetForced non-secure status Configuring Security Security To assign secure addresses to a port Addresses Window Add MAC Address Window Boards with Multiple CachesTips for Successfully Implementing Eavesdropper Protection Resetting Learned AddressesEnabling Security and Traps Security Channel X Security Window Repeater-level Security and TrapsModule-level Security and Traps Channel X Module Security Window Channel X Port Security Window Port-level Security and TrapsSecurity Front Panel Redundancy Setting Front Panel RedundancySetting Front Panel Redundancy Add Circuit Address Window Front Panel Redundancy Setting Front Panel Redundancy EMM-E6 MIB Structure Ietf MIB SupportChassis MGR MIB ComponentsIP Services Host ServicesRepeater One, Repeater Two, and Repeater Three Ctron Use OnlyDistributed LAN Monitor Rmon DefaultMIB Navigator Rmon HostBrief Word About MIB Components and Community Names EMM-E6 MIB Structure Index Index-2 Index-3 Index Index-4
Related manuals
Manual 64 pages 974 b
Top Page Image Contents