Cabletron Systems EMM-E6 manual Enabling Security and Traps


Security

transmitted clean to all ports on that channel unless security has been enabled there, too. Packets bridged to Channel A will always be transmitted clean to all ports, regardless of lock status; however, careful bridge configuration and prudent use of each port’s forwarding and blocking abilities can provide some measure of security in this case.

Security must be disabled on any port which is connected to an external bridge, or the bridge will discard all packets it receives as error packets (since the CRC is not recalculated after a packet is scrambled).

Security should also be disabled on any port which is supporting a trunk connection, unless you are sure that no more than 34 source addresses will attempt to use the port, and you have secured all necessary addresses. Note that, with the newest versions of security, a LANVIEWSECURE port that sees more than 35 addresses in its Source Address table (or exactly 35 addresses for two consecutive aging intervals) is considered unsecurable and cannot be locked.

Full security should not be implemented on any port which supports a name server or a bootp server, as those devices would not receive the broadcast and multicast messages they are designed to respond to (partial security — which does not scramble broadcasts or multicasts — will not affect their operation). Note that users who require responses to broadcast or multicast requests can still operate successfully if their ports are fully secured, as the reply to a broadcast has a single, specific destination address.

In general, scrambling is most effective when employed in a single chassis which contains only LANVIEWSECURE MIMs operating on channels B and/or C; remember, non-LANVIEWSECURE MIMs and any ports operating on Channel A do not support scrambling as part of their security functionality.
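The placement rules above, collected into a pre-deployment check of a port plan. This is an added example, not part of the Cabletron manual or its software; the `PortPlan` record, its field names, the role labels and the sample ports are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_TRUNK_SOURCES = 34   # manual: a secured trunk port must see no more than 34 sources
TABLE_LIMIT = 35         # manual: threshold used by the "unsecurable" rule

@dataclass
class PortPlan:              # hypothetical planning record, not a device structure
    name: str
    channel: str             # "A", "B" or "C"
    lanviewsecure: bool      # True if the port sits on a LANVIEWSECURE MIM
    locked: bool             # security enabled on the port
    eavesdrop: str           # "full" or "partial"
    role: str                # station, trunk, external_bridge, name_server, bootp_server
    expected_sources: int = 1
    table_sizes: tuple = ()  # Source Address table size at consecutive aging intervals

def is_unsecurable(table_sizes):
    """More than 35 entries, or exactly 35 for two consecutive aging intervals."""
    if any(n > TABLE_LIMIT for n in table_sizes):
        return True
    return any(a == b == TABLE_LIMIT for a, b in zip(table_sizes, table_sizes[1:]))

def audit(port):
    findings = []
    if is_unsecurable(port.table_sizes):
        findings.append("unsecurable: source address table too large to lock")
    if not port.locked:
        return findings      # the remaining rules only concern secured ports
    if port.role == "external_bridge":
        findings.append("external bridge: scrambled packets fail CRC and are discarded")
    if port.role == "trunk" and port.expected_sources > MAX_TRUNK_SOURCES:
        findings.append("trunk: more than 34 source addresses expected")
    if port.role in ("name_server", "bootp_server") and port.eavesdrop == "full":
        findings.append("server: full security withholds broadcasts/multicasts")
    if port.channel == "A" or not port.lanviewsecure:
        findings.append("no scrambling: Channel A or non-LANVIEWSECURE MIM")
    return findings

SAMPLE_PLAN = [  # constructed sample ports, not taken from the manual
    PortPlan("uplink", "B", True, True, "full", "external_bridge"),
    PortPlan("trunk1", "C", True, True, "partial", "trunk", expected_sources=40),
    PortPlan("bootp", "B", True, True, "full", "bootp_server"),
    PortPlan("desk7", "B", True, True, "full", "station", table_sizes=(35, 35)),
    PortPlan("desk8", "B", True, True, "full", "station", table_sizes=(3, 4)),
]

def audit_plan(plan):
    return {p.name: audit(p) for p in plan}
```

Calling `audit_plan(SAMPLE_PLAN)` returns one finding each for the first four ports and an empty list for `desk8`.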

Enabling Security and Traps

You can enable or disable all applicable protections by locking or unlocking ports via the repeater, module, or port Security window, as described in the sections below. There are two levels of lock status to choose from.

If you select Full lock status, the port will stop learning new source addresses, accept packets only from secured source addresses, employ either full or partial eavesdrop protection (as configured), and take the configured steps (send trap and/or disable port) if a violation occurs.

If you select Continuous lock status, the port will implement the configured level of eavesdrop protection, but continue to learn source addresses and allow all packets to pass, effectively disabling intruder protection.

Enabling and disabling traps from the Security windows has the same effect as enabling and disabling them from the Source Address windows; you can enable and disable the following traps:
