Cabletron Systems SEHI-22/24 manual: Security on Non-LANVIEWSECURE Hubs, Forced non-secure status


Security

Forced non-secure status

With the original version of LANVIEWSECURE, all ports except those which had been forced to trunk status could be locked, and would be locked automatically if locking were enabled at the repeater or hub level. With the enhanced version of LANVIEWSECURE, this has changed in two ways: first, any port which has more than 35 addresses in its source address table (or exactly 35 addresses through two consecutive ageing times) is automatically considered unsecurable and cannot be locked while in this state; and second, you can force any port into this unsecurable state (as long as it is not already locked).

Learned addresses reset

By selecting the Reset Learned Addresses option in the repeater-, board-, or port-level Security window, you can clear all learned and secured addresses out of the address table of the selected port(s), and allow each port to begin learning (and securing) new addresses. Note that you cannot reset learned addresses on a locked port or on a port which is designated unsecurable.

NOTE

You cannot reset learned addresses or force non-secure status on a port which is already locked; in order to implement either of those features, you must first unlock the port.

Security on Non-LANVIEWSECURE Hubs

LANVIEWSECURE features as described above apply in full only to hubs designated as LANVIEWSECURE (as indicated by a label on the front panel and an “S” appended to the hub name). Some of the enhanced security features, however, will apply to all hubs installed in your SEHI-controlled hubstack, regardless of their LANVIEWSECURE status:

New definitions for station and trunk ports

All ports in your SEHI-controlled hubstack will be defined as station or trunk ports according to the new definitions: station ports are those detecting zero, one, or two source addresses; trunk ports are those detecting three or more.

Secure address assignment

Up to two source addresses detected on any station port are still automatically secured, and you can still accept or replace these default addresses. However, you cannot assign more than two secure addresses to any port (as there is no floating cache available), and neither natural nor forced trunk ports will ever be locked while in a trunk state.
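
The locking rules from the sections above, for enhanced LANVIEWSECURE hubs and for the other hubs in the stack, written as a small model that reports which ports will stay unlocked when locking is enabled. This is an added example, not Cabletron code; the `Port` fields, function names and sample ports are constructed for illustration.

```python
from dataclasses import dataclass

UNSECURABLE_OVER = 35  # more than 35 addresses: port is unsecurable
STATION_MAX = 2        # station ports detect zero, one, or two addresses

@dataclass
class Port:
    name: str
    lanviewsecure: bool            # hub carries the LANVIEWSECURE label
    addr_count: int                # entries in the port's source address table
    ageings_at_35: int = 0         # consecutive ageing times spent at exactly 35
    forced_nonsecure: bool = False # forced unsecurable (LANVIEWSECURE hubs)
    forced_trunk: bool = False     # forced trunk (other hubs)
    locked: bool = False

def unsecurable(p: Port) -> bool:
    """Enhanced LANVIEWSECURE rule: forced, >35, or 35 for two ageing times."""
    if not p.lanviewsecure:
        return False
    return (p.forced_nonsecure
            or p.addr_count > UNSECURABLE_OVER
            or (p.addr_count == UNSECURABLE_OVER and p.ageings_at_35 >= 2))

def lock_blocker(p: Port):
    """Return why the port will not lock, or None if it can be locked."""
    if unsecurable(p):
        return "unsecurable"
    # On other hubs, natural or forced trunk ports are never locked.
    if not p.lanviewsecure and (p.forced_trunk or p.addr_count > STATION_MAX):
        return "trunk"
    return None

def can_reset_learned(p: Port) -> bool:
    # Refused on a locked port and on an unsecurable port.
    return not p.locked and not unsecurable(p)

def can_force_nonsecure(p: Port) -> bool:
    # A locked port must be unlocked first.
    return p.lanviewsecure and not p.locked

def lock_gaps(ports):
    """Ports that stay unlocked when locking is enabled, with the reason."""
    return {p.name: r for p in ports if (r := lock_blocker(p))}

# Constructed sample hubstack: A* on a LANVIEWSECURE hub, B* on another hub.
PORTS = [Port("A1", True, 1), Port("A2", True, 36),
         Port("A3", True, 35, ageings_at_35=1), Port("A4", True, 35, ageings_at_35=2),
         Port("A5", True, 2, forced_nonsecure=True),
         Port("B1", False, 2), Port("B2", False, 3)]
```

Running `lock_gaps(PORTS)` lists the ports an attached device could use without ever hitting a locked address table, which is the set to review before relying on locking for access control.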

Configurable violation response

You can still choose to allow ports to remain enabled even after an unsecured address has attempted to access a locked port. If you choose not to disable a port which has experienced a violation, however, the port’s only response to an


SEHI-22/24, SEHI-32/34 specifications

Cabletron Systems was a notable player in the networking hardware market during the rise of local area networks (LANs) in the late 20th century. Among its innovative products were the SEHI-22/24 and SEHI-32/34 modules, which were designed to enhance network capabilities in enterprise environments.

The SEHI-22/24 and SEHI-32/34 were versatile high-performance Ethernet switch modules that offered significant advantages in network management and connectivity. These modules were designed to work with Cabletron's modular switching and routing architecture, allowing for scalable solutions tailored to specific network demands. A key feature of the SEHI series was its support for a range of Ethernet standards, ensuring compatibility with diverse networking environments.

One notable characteristic of the SEHI-22/24 was its ability to support both 10Base-T and 100Base-TX Ethernet technologies. This dual support enabled organizations to leverage existing 10 Mbps infrastructure while facilitating upgrades to 100 Mbps speeds without needing a complete overhaul of the network. Similarly, the SEHI-32/34 offered even greater connectivity options, accommodating more users and devices while maintaining high throughput and low latency.

In terms of management features, the SEHI series was equipped with extensive traffic management capabilities, including Quality of Service (QoS) features that prioritized bandwidth for critical applications. This ensured that essential services such as voice over IP (VoIP) and video conferencing could function optimally, even during heavy network loads.

Furthermore, both modules featured advanced diagnostics and monitoring tools that provided network administrators with critical insights into traffic patterns and potential bottlenecks. This functionality was essential for maintaining network health and optimizing performance, especially in dynamic business environments.

Security also played a crucial role in the design of the SEHI-22/24 and SEHI-32/34. The modules incorporated support for various authentication methods and access controls, ensuring that sensitive data remained protected within the corporate network.

In summary, Cabletron Systems’ SEHI-22/24 and SEHI-32/34 offered significant advancements in Ethernet switching technology, allowing organizations to build robust, scalable, and secure networks. With their impressive features, compatibility, and capacity for management and security, these modules were instrumental in shaping reliable networking solutions for enterprises navigating the rapidly evolving digital landscape.