Cabletron Systems SEHI-32/34 manual Newest Lanviewsecure Features, Configurable violation response


Security

TIP

If your SEHI is running firmware more recent than 1.05.01 and previous to 2.10.xx, you will not have the ability to force a port to unsecurable status; however, for firmware versions in that range, ports which have been forced to trunk status will not be locked, so you can use the force trunk feature to render a port unsecurable if you wish.

Configurable violation response

Before LANVIEWSECURE, any locked port which experienced a violation was shut down automatically; now, you can choose to allow ports to remain enabled even after an unsecured address has attempted to access a locked port. If you choose not to disable a port which has experienced a violation, however, the port’s only response to an intruder will be to issue a trap after the first violation; all packets, regardless of source address, will be allowed to pass. Ports in this state still have active eavesdropper protection (see definition below), and all packets addressed to any destination other than the secured address(es) will be scrambled.

Full or partial security against eavesdropping

In addition to the enhanced intruder protection features described above, LANVIEWSECURE provides protection against eavesdroppers by scrambling the data portion of each packet to all ports except the port on which the destination address has been secured — in other words, the only port that will receive the packet in an unscrambled (readable) format is the port to which the packet was addressed. Two levels of eavesdropper protection are provided: full security scrambles all packets not specifically destined to the secured port, including broadcasts and multicasts; partial security scrambles only unicast packets.

The Newest LANVIEWSECURE Features

Additional LANVIEWSECURE features available on the newest firmware versions (SEHI 2.10.xx and higher) include:

Continuous learning mode

When configuring security on the newest LANVIEWSECURE devices, you can now choose between two levels of lock status: Full lock status, which behaves as locking has always done, and Continuous lock status, which essentially disables intruder protection by allowing the port to continue to learn new source addresses even when in a locked state. In this state, eavesdropper protection is still active, and will adjust so that packets addressed to the current learned address for a secured port are not scrambled.

NOTE

Locking ports from a Source Address window automatically provides Full lock status; however, locking ports from the repeater- or hub-level Source Address window does not override any existing Continuous lock status settings.
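The sketch below is an added example, not Cabletron firmware or SPMA code: a small Python model of the per-port decisions described in this section (violation response, full versus partial eavesdropper protection, and Continuous lock status). All class, field and function names are hypothetical, and it assumes the eavesdropper level is set per port, a Continuous-lock port keeps only its newest learned address, and a port disabled on a violation does not repeat the violating frame.

```python
from dataclasses import dataclass

@dataclass
class Port:
    secure: set                        # secured (or currently learned) source addresses
    lock: str = "full"                 # "full" or "continuous"
    disable_on_violation: bool = True  # True reproduces the older shut-down behaviour
    eavesdrop: str = "full"            # "full" or "partial"
    enabled: bool = True
    trap_sent: bool = False

def is_group(mac):
    # Broadcast and multicast addresses have the low bit of the first octet set.
    return int(mac.split(":")[0], 16) & 1 == 1

def receive(ports, in_port, src, dst):
    """Return (events, delivery) for one frame arriving on in_port."""
    p, events = ports[in_port], []
    if not p.enabled:
        return ["dropped"], {}
    if src not in p.secure:
        if p.lock == "continuous":
            p.secure = {src}           # assumption: newest address replaces the old one
            events.append("learned")
        else:
            if not p.trap_sent:        # a trap is issued only after the first violation
                p.trap_sent = True
                events.append("trap")
            if p.disable_on_violation:
                p.enabled = False      # assumption: the violating frame is not repeated
                return events + ["disabled"], {}
    delivery = {}
    for n, out in ports.items():
        if n == in_port or not out.enabled:
            continue
        if is_group(dst):
            clear = out.eavesdrop == "partial"  # full security scrambles these too
        else:
            clear = dst in out.secure           # readable only where dst is secured
        delivery[n] = "clear" if clear else "scrambled"
    return events, delivery

def demo_ports():
    # Constructed sample configuration; the MAC addresses are made up.
    return {
        1: Port({"02:00:00:00:00:0a"}, disable_on_violation=False),
        2: Port({"02:00:00:00:00:0b"}, eavesdrop="partial"),
        3: Port({"02:00:00:00:00:0c"}, lock="continuous"),
    }
```

Port 1 in the sample configuration shows the trade-off the text describes: with disabling turned off, an intruder's frames are still repeated after the single trap, and only the scrambling of traffic to other destinations remains in force.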


SEHI-22/24, SEHI-32/34 specifications

Cabletron Systems was a notable player in the networking hardware market during the rise of local area networks (LANs) in the late 20th century. Among its innovative products were the SEHI-22/24 and SEHI-32/34 modules, which were designed to enhance network capabilities in enterprise environments.

The SEHI-22/24 and SEHI-32/34 were versatile high-performance Ethernet switch modules that offered significant advantages in network management and connectivity. These modules were designed to work with Cabletron's modular switching and routing architecture, allowing for scalable solutions tailored to specific network demands. A key feature of the SEHI series was its support for a range of Ethernet standards, ensuring compatibility with diverse networking environments.

One notable characteristic of the SEHI-22/24 was its ability to support both 10Base-T and 100Base-TX Ethernet technologies. This dual support enabled organizations to leverage existing 10 Mbps infrastructure while facilitating upgrades to 100 Mbps speeds without needing a complete overhaul of the network. Similarly, the SEHI-32/34 offered even greater connectivity options, accommodating more users and devices while maintaining high throughput and low latency.

In terms of management features, the SEHI series was equipped with extensive traffic management capabilities, including Quality of Service (QoS) features that prioritized bandwidth for critical applications. This ensured that essential services such as voice over IP (VoIP) and video conferencing could function optimally, even during heavy network loads.

Furthermore, both modules featured advanced diagnostics and monitoring tools that provided network administrators with critical insights into traffic patterns and potential bottlenecks. This functionality was essential for maintaining network health and optimizing performance, especially in dynamic business environments.

Security also played a crucial role in the design of the SEHI-22/24 and SEHI-32/34. The modules incorporated support for various authentication methods and access controls, ensuring that sensitive data remained protected within the corporate network.

In summary, Cabletron Systems’ SEHI-22/24 and SEHI-32/34 offered significant advancements in Ethernet switching technology, allowing organizations to build robust, scalable, and secure networks. With their impressive features, compatibility, and capacity for management and security, these modules were instrumental in shaping reliable networking solutions for enterprises navigating the rapidly evolving digital landscape.