Cabletron Systems SEHI-22/24 New definitions for station and trunk ports, Trunk port security

Page 67

Security

secure port, and can be configured to secure both station and trunk ports; eavesdropper protection scrambles the data portion of any packet transmitted via a secure port to all but the destination port, and can be extended to broadcast and multicast packets as well as packets destined for a single address. Security is activated by enabling port locking; you can lock and unlock ports and enable or disable traps at the repeater-, hub-, and port-level Security windows, as well as via the Source Address windows (see Chapter 4, Source Addressing, for more information).

When you lock ports from a repeater-, hub,-, or port-level Security window, you have the

TIP option of setting two lock modes: Full or Continuous. When you lock ports via a Source Address window, the lock setting will default to the Full lock mode. See the section on Continuous Address Learning, below, or Enabling Security and Traps, page 6-12for more information on these two lock modes.

LANVIEWSECURE includes the following features:

New definitions for station and trunk ports

Under LANVIEWSECURE, station ports are now defined as those detecting zero, one, or two source addresses; trunk ports are defined as those detecting three or more.

Secure address assignment

The first two source addresses detected on any port are automatically secured for both station and trunk ports; you can accept these default addresses as your secure addresses, or you can replace them. In addition, each hub contains a floating cache that allows you to assign an additional 32 secure addresses among the ports of your choosing.

Trunk port security

When locking is enabled, all ports will be secured — including natural trunk ports. (Only ports which have been forced to trunk status will remain unlocked.) Before implementing locking on trunk ports, however, be sure you have secured the necessary source addresses; as with station ports, only the first two detected source addresses are secured by default.

For devices with the newest security firmware (SEHI 1.10.xx and higher), a port’s topology status — whether it is considered to be a station port or a trunk port — no longer determines its securability; securability is only determined by the number of source addresses in a port’s source address table: any port which detects fewer than 35 source addresses will be locked. Ports which exceed those numbers are designated “unsecurable,” and will be displayed as such in the port- level Security window; in addition, a new feature allows you to force any port to an unsecurable (that is, unlockable) state.

What is LANVIEWsecure?

6-3

Image 67
Contents Complete Networking Solution Page Virus Disclaimer Applicable to licenses to the United States Government only Restricted Rights NoticeContents Appendix a Sehi MIB Structure Chapter Repeater RedundancyChapter Source Addressing Chapter SecurityIntroduction to Spma For the SEHI-22/24 and SEHI-32/34 Using the Sehi User’s GuideUsing the Sehi User’s Guide What’s not in the Sehi User’s Guide ConventionsScreen Displays Introduction to Spma for the SEHI-22/24 and SEHI-32/34 Button Using the MouseFTP Getting HelpSehi Firmware Page Using the Hub View Using the Sehi Hub ViewHub View Front Panel Navigating Through the Hub ViewLocation UptimeDate and Time Device NameUsing the Sehi Hub View Using the Mouse in the Hub View Ports Display Port Display Form Hub View Port Color CodesMonitoring Hub Performance Collisions ErrorsPort Display Form LoadPort Type Frame SizesName and Location Checking Device Status and Updating Front Panel InfoContact Chassis Type Checking Module StatusName Active Users Checking Repeater StatusModule Type Link Status Checking Port StatusMedia Type StatusTopology Type Checking StatisticsBroadcast Packets Received BytesTotal Packets Avg Packet SizeMulticast Packets Total ErrorsAlignment Errors CRC ErrorsGiant Frames Runt FramesProtocols Viewing the Port Source Address ListManaging the Hub Contact Status Setting the Polling IntervalsPort Operational State Enabling/Disabling PortsDevice General Status Device ConfigurationUsing the Sehi Hub View Using the Sehi Hub View Managing the Hub Link/Seg Traps What is a Segmentation Trap?Enabling and Disabling Link/Seg Traps What is a Link Trap?From the icon From the Hub View From the command line stand-alone modeViewing and Configuring Link/Seg Traps for Hub Modules Configuring Link/Seg Traps for the RepeaterModule Traps Window Viewing and Configuring Link/Seg Traps for PortsPort Traps Window Repeater Redundancy Setting Network Circuit RedundancySpmarun r4red IP address community name Configuring a Redundant CircuitChannel X Redundancy Window Add Circuit Address Window To set the Poll Interval Monitoring RedundancyClick in the All Circuits box Displaying the Source Address List Source AddressingDisplaying the Source Address List Source Addressing Setting the Ageing Time Setting the Hash TypeLocking Source Addresses Source Address Locking on Older Devices Configuring Source Address Traps Module- and Port-level Traps Device-level TrapsSource Addressing Source Addressing Port Source Address Traps Window Finding a Source AddressFind Source Address Window Click on to exit the window Source Addressing Finding a Source Address Security Spmarun r4sec IP address SU community name What is LANVIEWSECURE?Secure address assignment New definitions for station and trunk portsTrunk port security Full or partial security against eavesdropping Newest Lanviewsecure FeaturesContinuous learning mode Configurable violation responseSecurity on Non-LANVIEWSECUREHubs Learned addresses resetForced non-secure status Configuring Security Security To assign secure addresses to a port Addresses Window Add MAC Address Window Resetting Learned AddressesTips for Successfully Implementing Eavesdropper Protection Enabling Security and Traps Repeater-level Security and Traps Channel a Security Window Hub-level Security and TrapsChannel a Module Security Window Port-level Security and TrapsChannel a Port Security Window Security Security Enabling Security and Traps Sehi MIB Structure Ietf MIB SupportSehi Chassis MGR Repeater One Sehi Host ServicesSehi IP Services Brief Word About MIB Components and Community NamesSehi MIB Structure Sehi MIB Structure Index Index-2 Index-3 Index Index-4

SEHI-22/24, SEHI-32/34 specifications

Cabletron Systems was a notable player in the networking hardware market during the rise of local area networks (LANs) in the late 20th century. Among its innovative products were the SEHI-22/24 and SEHI-32/34 modules, which were designed to enhance network capabilities in enterprise environments.

The SEHI-22/24 and SEHI-32/34 were versatile high-performance Ethernet switch modules that offered significant advantages in network management and connectivity. These modules were designed to work with Cabletron's modular switching and routing architecture, allowing for scalable solutions tailored to specific network demands. A key feature of the SEHI series was its support for a range of Ethernet standards, ensuring compatibility with diverse networking environments.

One notable characteristic of the SEHI-22/24 was its ability to support both 10Base-T and 100Base-TX Ethernet technologies. This dual support enabled organizations to leverage existing 10 Mbps infrastructure while facilitating upgrades to 100 Mbps speeds without needing a complete overhaul of the network. Similarly, the SEHI-32/34 offered even greater connectivity options, accommodating more users and devices while maintaining high throughput and low latency.

In terms of management features, the SEHI series was equipped with extensive traffic management capabilities, including Quality of Service (QoS) features that prioritized bandwidth for critical applications. This ensured that essential services such as voice over IP (VoIP) and video conferencing could function optimally, even during heavy network loads.

Furthermore, both modules featured advanced diagnostics and monitoring tools that provided network administrators with critical insights into traffic patterns and potential bottlenecks. This functionality was essential for maintaining network health and optimizing performance, especially in dynamic business environments.

Security also played a crucial role in the design of the SEHI-22/24 and SEHI-32/34. The modules incorporated support for various authentication methods and access controls, ensuring that sensitive data remained protected within the corporate network.

In summary, Cabletron Systems’ SEHI-22/24 and SEHI-32/34 offered significant advancements in Ethernet switching technology, allowing organizations to build robust, scalable, and secure networks. With their impressive features, compatibility, and capacity for management and security, these modules were instrumental in shaping reliable networking solutions for enterprises navigating the rapidly evolving digital landscape.