Cabletron Systems EMM-E6 manual Security

Security

A newSourceAddress trap is generated when a station port — one receiving packets from zero, one, or two source addresses — receives a packet from a source address that is not currently in its source address table. Information included in this trap includes the board number, port number, and source address associated with the trap. Trunk ports — those receiving packets from three or more source addresses — will not issue newSourceAddress traps.

A sourceAddressTimeout trap is issued any time a source address is aged out of the Source Address Table due to inactivity. The trap’s interesting information includes the board and port index, and the source address that timed out. (See Setting the Aging Time in Chapter 6, Source Addressing, for more information.)

All other source address traps (portTypeChanged, lockStatusChanged, portSecurityViolation, and portViolationReset, all defined in Chapter 6, Source Addressing) will continue to be generated as appropriate, as will the security-specific traps:

A secureStateChange trap indicates that a port has changed from a securable state to an unsecurable state, or vice versa; the interesting information includes board and port index.

A learnStateChange trap indicates that a port has had its learned addresses reset. Interesting information includes board and port index, and current learn state. Note that SPMA always maintains ports in a learn state, and just resets that learn state to achieve a reset of existing learned and secure addresses.

A learnModeChange trap is issued when a port is set to continuous lock mode; interesting information includes board and port index, and current learn mode.

When setting these parameters at the various levels, keep in mind that the most recent setting will override the existing status: for example, if you lock one or more ports at the port level, then unlock them at the module level, all ports on the module will be unlocked. Similarly, if you enable traps at the module level, then disable them at the repeater level, traps will be disabled for all ports on the repeater.
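The override rule above, modelled as an added example (not from the Cabletron manual or SPMA): it replays a constructed list of setting changes in order and flags ports whose port-level lock was later cleared by a module- or repeater-level unlock. The event format, function names and board/port numbers are assumptions made for the illustration.

```python
# Added illustration of the "most recent setting overrides" rule; not SPMA code.
# The event tuples, function names and board/port numbers are constructed.

def covers(scope, target, port):
    """True if a change made at `scope` for `target` reaches `port` (board, port)."""
    if scope == "repeater":
        return True                  # all ports on the repeater
    if scope == "module":
        return target == port[0]     # all ports on that board
    if scope == "port":
        return target == port        # one port only
    raise ValueError(f"unknown scope: {scope}")

def replay(events, ports):
    """Apply (scope, target, setting, value) changes in order; last write wins."""
    state = {p: {} for p in ports}
    history = {p: [] for p in ports}
    for scope, target, setting, value in events:
        for p in ports:
            if covers(scope, target, p):
                state[p][setting] = value
                history[p].append((scope, setting, value))
    return state, history

def overridden_locks(history):
    """Ports whose port-level lock was later cleared by a broader-scope unlock."""
    flagged = []
    for port, changes in history.items():
        port_locked = False
        for scope, _, value in (c for c in changes if c[1] == "lock"):
            if scope == "port":
                port_locked = value
            elif port_locked and not value:
                flagged.append((port, scope))
                port_locked = False
    return sorted(flagged)

# Constructed sample: three ports, changes listed oldest first.
PORTS = [(1, 1), (1, 2), (2, 1)]
EVENTS = [
    ("port", (1, 1), "lock", True),         # lock one port at the port level
    ("module", 1, "lock", False),           # later unlock at the module level
    ("module", 2, "traps", True),           # enable traps at the module level
    ("repeater", None, "traps", False),     # later disable at the repeater level
    ("port", (2, 1), "lock", True),
]

if __name__ == "__main__":
    print(overridden_locks(replay(EVENTS, PORTS)[1]))
```

Running the same replay over a real change record shows which ports need their locks reapplied after a module- or repeater-level change.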

NOTE

Enabling and disabling locking from the Source Address application (described in Chapter 6) will implement all applicable security features as they have been configured via the port-level Security window. Note that locking ports from the Source Address window implements Full lock status by default; however, this will not override the status of any ports which have already been set to Continuous lock mode.

Enabling and disabling traps from the Source Address window also has the same effect as enabling or disabling them from the Security application. Keep in mind, however, that SPMA does not accept the trap messages; that task is left to your network management system. (See the appropriate network management system documentation for details about viewing trap messages.) Note, too, that no traps will be sent by the EMM-E6 unless its trap table has been properly configured; see the EMM-E6 hardware manual and/or the Trap Table chapter in the SPMA Tools Guide for more information.

Enabling Security and Traps
