Cabletron Systems SEHI-22/24 manual Tips for Successfully Implementing Eavesdropper Protection

Page 75

Security

4.Click to select the Reset Learned Addresses option. A confirmation window

will appear; click on to reset addresses, or on to cancel. The port’s address table will be cleared of all Learned and Secure addresses, and the learning process will restart.

Tips for Successfully Implementing Eavesdropper Protection

There are a couple of things to note about eavesdropper protection, or scrambling, that must be taken into consideration as you are planning security for your network.

Security can only be implemented by locking a port, and can only be completely disabled by unlocking the port. You cannot enable intruder protection on a LANVIEWSECURE hub without also enabling eavesdropper protection. You can, however, effectively enable eavesdropper protection alone by selecting the noDisable option for the violation response; selecting noDisable basically eliminates intruder protection, as all packets will be allowed to pass regardless of their source address. (Note, however, that the port will issue a trap after the first violation.) You can also enable eavesdropper protection without intruder protection by selecting the Continuous lock mode; see Enabling Security and Traps, page 6-12, for details.

Security must be disabled on any port which is connected to an external bridge, or the bridge will discard all packets it receives as error packets (since the CRC is not recalculated after a packet is scrambled).

Security should also be disabled on any port which is supporting a trunk connection, unless you are sure that no more than 34 source addresses will attempt to use the port, and you have secured all necessary addresses. Note that, with the newest versions of security, a LANVIEWSECURE port that sees more than 35 addresses in its Source Address table (or exactly 35 addresses for two consecutive ageing intervals) is considered unsecurable and cannot be locked.

Full security should not be implemented on any port which supports a Name Server or a BootP server, as those devices would not receive the broadcast and multicast messages they are designed to respond to (partial security — which does not scramble broadcasts or multicasts — will not affect their operation). Note that users who require responses to broadcast or multicast requests can still operate successfully if their ports are fully secured, as the reply to a broadcast has a single, specific destination address.

In general, scrambling is most effective when employed in a single hubstack which contains only LANVIEWSECURE hubs; remember, non-LANVIEWSECUREhubs do not support scrambling as part of their security functionality.

Configuring Security

6-11

Image 75
Contents Complete Networking Solution Page Virus Disclaimer Applicable to licenses to the United States Government only Restricted Rights NoticeContents Appendix a Sehi MIB Structure Chapter Repeater RedundancyChapter Source Addressing Chapter SecurityIntroduction to Spma For the SEHI-22/24 and SEHI-32/34 Using the Sehi User’s GuideUsing the Sehi User’s Guide Conventions What’s not in the Sehi User’s GuideScreen Displays Introduction to Spma for the SEHI-22/24 and SEHI-32/34 Button Using the MouseFTP Getting HelpSehi Firmware Page Using the Hub View Using the Sehi Hub ViewHub View Front Panel Navigating Through the Hub ViewLocation UptimeDate and Time Device NameUsing the Sehi Hub View Using the Mouse in the Hub View Ports Display Port Display Form Hub View Port Color CodesMonitoring Hub Performance Collisions ErrorsPort Display Form LoadPort Type Frame SizesChecking Device Status and Updating Front Panel Info Name and LocationContact Checking Module Status Chassis TypeName Checking Repeater Status Active UsersModule Type Link Status Checking Port StatusMedia Type StatusTopology Type Checking StatisticsBroadcast Packets Received BytesTotal Packets Avg Packet SizeMulticast Packets Total ErrorsAlignment Errors CRC ErrorsGiant Frames Runt FramesProtocols Viewing the Port Source Address ListManaging the Hub Contact Status Setting the Polling IntervalsPort Operational State Enabling/Disabling PortsDevice General Status Device ConfigurationUsing the Sehi Hub View Using the Sehi Hub View Managing the Hub Link/Seg Traps What is a Segmentation Trap?What is a Link Trap? Enabling and Disabling Link/Seg TrapsFrom the icon From the Hub View From the command line stand-alone modeViewing and Configuring Link/Seg Traps for Hub Modules Configuring Link/Seg Traps for the RepeaterModule Traps Window Viewing and Configuring Link/Seg Traps for PortsPort Traps Window Repeater Redundancy Setting Network Circuit RedundancySpmarun r4red IP address community name Configuring a Redundant CircuitChannel X Redundancy Window Add Circuit Address Window To set the Poll Interval Monitoring RedundancyClick in the All Circuits box Displaying the Source Address List Source AddressingDisplaying the Source Address List Source Addressing Setting the Ageing Time Setting the Hash TypeLocking Source Addresses Source Address Locking on Older Devices Configuring Source Address Traps Module- and Port-level Traps Device-level TrapsSource Addressing Source Addressing Port Source Address Traps Window Finding a Source AddressFind Source Address Window Click on to exit the window Source Addressing Finding a Source Address Security Spmarun r4sec IP address SU community name What is LANVIEWSECURE?New definitions for station and trunk ports Secure address assignmentTrunk port security Full or partial security against eavesdropping Newest Lanviewsecure FeaturesContinuous learning mode Configurable violation responseLearned addresses reset Security on Non-LANVIEWSECUREHubsForced non-secure status Configuring Security Security To assign secure addresses to a port Addresses Window Add MAC Address Window Resetting Learned AddressesTips for Successfully Implementing Eavesdropper Protection Enabling Security and Traps Repeater-level Security and Traps Channel a Security Window Hub-level Security and TrapsChannel a Module Security Window Port-level Security and TrapsChannel a Port Security Window Security Security Enabling Security and Traps Ietf MIB Support Sehi MIB StructureSehi Chassis MGR Repeater One Sehi Host ServicesSehi IP Services Brief Word About MIB Components and Community NamesSehi MIB Structure Sehi MIB Structure Index Index-2 Index-3 Index Index-4

SEHI-22/24, SEHI-32/34 specifications

Cabletron Systems was a notable player in the networking hardware market during the rise of local area networks (LANs) in the late 20th century. Among its innovative products were the SEHI-22/24 and SEHI-32/34 modules, which were designed to enhance network capabilities in enterprise environments.

The SEHI-22/24 and SEHI-32/34 were versatile high-performance Ethernet switch modules that offered significant advantages in network management and connectivity. These modules were designed to work with Cabletron's modular switching and routing architecture, allowing for scalable solutions tailored to specific network demands. A key feature of the SEHI series was its support for a range of Ethernet standards, ensuring compatibility with diverse networking environments.

One notable characteristic of the SEHI-22/24 was its ability to support both 10Base-T and 100Base-TX Ethernet technologies. This dual support enabled organizations to leverage existing 10 Mbps infrastructure while facilitating upgrades to 100 Mbps speeds without needing a complete overhaul of the network. Similarly, the SEHI-32/34 offered even greater connectivity options, accommodating more users and devices while maintaining high throughput and low latency.

In terms of management features, the SEHI series was equipped with extensive traffic management capabilities, including Quality of Service (QoS) features that prioritized bandwidth for critical applications. This ensured that essential services such as voice over IP (VoIP) and video conferencing could function optimally, even during heavy network loads.

Furthermore, both modules featured advanced diagnostics and monitoring tools that provided network administrators with critical insights into traffic patterns and potential bottlenecks. This functionality was essential for maintaining network health and optimizing performance, especially in dynamic business environments.

Security also played a crucial role in the design of the SEHI-22/24 and SEHI-32/34. The modules incorporated support for various authentication methods and access controls, ensuring that sensitive data remained protected within the corporate network.

In summary, Cabletron Systems’ SEHI-22/24 and SEHI-32/34 offered significant advancements in Ethernet switching technology, allowing organizations to build robust, scalable, and secure networks. With their impressive features, compatibility, and capacity for management and security, these modules were instrumental in shaping reliable networking solutions for enterprises navigating the rapidly evolving digital landscape.