Cabletron Systems SEHI-32/34, SEHI-22/24 manual Source Address Locking on Older Devices


Source Addressing

NOTE

Remember, you must have SuperUser (SU) access to the device in order to lock or unlock ports.

In addition to activating the security measures as configured via the Security application, locking source addresses has the following effects:

On devices running older versions of firmware, unlinked ports will be disabled immediately after locking has been enabled; these ports can be re-enabled using their port menus, but they will immediately be disabled again if a device is connected and begins transmitting (since the port’s source address table was locked in an empty state). On devices with newer firmware, unlinked ports are not automatically disabled in response to port locking, but they, too, will be immediately disabled if a device is connected and attempts to transmit packets.

Although the Source Ageing Interval does not apply to station ports when Source Address Locking is enabled, the snapshot of the SAT provided by the Source Address List window may show a learned source address ageing out if that address remains inactive, and the appropriate trap will be generated.

Once Source Address Locking has been enabled, each port’s topology status (station or trunk) remains fixed and will not change while locking remains enabled, regardless of any changes in the number of source addresses detected.

If Source Address Locking has been enabled, and one or more ports have been shut down because a new source address attempted access, those ports will remain disabled even after the SEHI has been reset, and must be re-enabled manually.

Source Address Locking on Older Devices

If your SEHI is running a firmware version previous to 1.05.01, Source Address Locking is implemented somewhat differently:

Station ports are defined as those detecting zero or one source address; trunk ports as those detecting two or more.

If a locked station port experiences a violation, the port will be automatically disabled and no traffic will be allowed through — not even traffic from the known source address.

Trunk ports are never locked.

Unlinked ports are immediately disabled.

The Source Ageing Interval does not apply to locked station ports.
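
The older-firmware rules listed above, modeled as a short Python sketch (an added example, not Cabletron code and not part of the manual): from a constructed snapshot of each port's link state and learned addresses, it predicts which ports end up locked, disabled, or left unlocked when locking is enabled, and how a locked station port reacts to a violation. The `Port` class, the function names and the MAC addresses are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    linked: bool
    learned: set = field(default_factory=set)  # addresses in the port's SAT
    enabled: bool = True
    locked: bool = False

    @property
    def topology(self) -> str:
        # Older firmware: zero or one source address = station, two or more = trunk.
        return "station" if len(self.learned) <= 1 else "trunk"

def enable_locking(ports):
    """Apply the older-firmware effects of enabling locking; return outcome per port."""
    outcome = {}
    for p in ports:
        p.locked = p.topology == "station"   # trunk ports are never locked
        if not p.linked:
            p.enabled = False                # unlinked ports are disabled at once
            outcome[p.name] = "unlinked, disabled"
        elif p.locked:
            outcome[p.name] = "station, locked"
        else:
            outcome[p.name] = "trunk, never locked"
    return outcome

def receive(port, src) -> bool:
    """Return True if a frame from src passes the port, False if it is dropped."""
    if not port.enabled:
        return False                         # a disabled port passes nothing
    if port.locked and src not in port.learned:
        port.enabled = False                 # violation disables the whole port
        return False
    return True

# Constructed sample snapshot (MAC addresses are made up for the example).
KNOWN, NEW = "02:00:00:00:00:01", "02:00:00:00:00:99"

def sample_ports():
    return [
        Port("1", linked=True, learned={KNOWN}),
        Port("2", linked=True, learned={"02:00:00:00:00:02", "02:00:00:00:00:03"}),
        Port("3", linked=False),
    ]

if __name__ == "__main__":
    for name, result in enable_locking(sample_ports()).items():
        print(f"port {name}: {result}")
```

Run against a real port inventory before enabling locking, a model like this shows which ports will go down immediately and which trunk ports stay outside the lock.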
