Cabletron Systems SEHI-32/34, SEHI-22/24 manual Enabling Security and Traps


Security

Enabling Security and Traps

You can enable or disable all applicable protections by locking or unlocking ports via the repeater, hub, or port Security window, as described in the sections below. There are two levels of lock status to choose from:

If you select Full lock status, the port will stop learning new source addresses, accept packets only from secured source addresses, employ either full or partial eavesdrop protection (as configured), and take the configured steps (send trap and/or disable port) if a violation occurs.

If you select Continuous lock status, the port will implement the configured level of eavesdrop protection, but continue to learn source addresses and allow all packets to pass, effectively disabling intruder protection.

Enabling and disabling traps from the Security windows has the same effect as enabling and disabling them from the Source Address windows; you can enable and disable the following traps:

A newSourceAddress trap is generated when a station port — one receiving packets from zero, one, or two source addresses — receives a packet from a source address that is not currently in its source address table. Information included in this trap includes the board number, port number, and source address associated with the trap. Trunk ports — those receiving packets from three or more source addresses — will not issue newSourceAddress traps.

A sourceAddressTimeout trap is issued anytime a source address is aged out of the Source Address Table due to inactivity. The trap’s interesting information includes the board and port index, and the source address that timed out. (See Setting the Ageing Time in Chapter 4, Source Addressing, for more information.)

All other source address traps (portTypeChanged, lockStatusChanged, portSecurityViolation, and portViolationReset, all defined in Chapter 4, Source Addressing) will continue to be generated as appropriate, as will the security-specific traps:

A secureStateChange trap indicates that a port has changed from a securable state to an unsecurable state, or vice versa; the interesting information includes board and port index.

A learnStateChange trap indicates that a port has had its learned addresses reset. Interesting information includes board and port index, and current learn state. Note that SPMA always maintains ports in a learn state, and just resets that learn state to achieve a reset of existing learned and secure addresses.

A learnModeChange trap is issued when a port is set to continuous lock mode; interesting information includes board and port index, and current learn mode.

When setting these parameters at the various levels, keep in mind that the most recent setting will override the existing status: for example, if you lock one or more ports at the port level, then unlock them at the hub level, all ports on the hub will be unlocked. Similarly, if you enable traps at the hub level, then disable them at the repeater level, traps will be disabled for all ports on the repeater.
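
The lock semantics and the newSourceAddress rule described above, as a small Python model (an added example, not Cabletron firmware or SPMA code). The Port class, the set_lock helper and all field names are hypothetical; using portSecurityViolation as the violation trap, and judging station versus trunk on the table as it stood before the packet arrived, are assumptions.

```python
from dataclasses import dataclass, field

UNLOCKED, CONTINUOUS, FULL = "unlocked", "continuous", "full"

@dataclass
class Port:
    board: int
    port: int
    secure: set = field(default_factory=set)   # secured source addresses
    table: set = field(default_factory=set)    # learned source address table
    lock: str = UNLOCKED
    send_trap: bool = True                     # configured violation response
    disable_on_violation: bool = False         # configured violation response
    enabled: bool = True
    traps: list = field(default_factory=list)  # (name, board, port, address)

    def is_station(self):
        # Page's definition: station = 0, 1 or 2 source addresses; trunk = 3+.
        return len(self.table) <= 2

    def receive(self, src):
        """Process one packet; return True if it is allowed to pass."""
        if not self.enabled:
            return False
        if self.lock == FULL:
            if src in self.secure:
                return True
            # Violation: no learning, packet refused, configured steps taken.
            # Assumption: the trap raised here is portSecurityViolation.
            if self.send_trap:
                self.traps.append(("portSecurityViolation", self.board, self.port, src))
            if self.disable_on_violation:
                self.enabled = False
            return False
        # Unlocked or Continuous lock: keep learning and pass every packet.
        if src not in self.table:
            # Assumption: port type is judged on the table before this packet.
            if self.is_station():
                self.traps.append(("newSourceAddress", self.board, self.port, src))
            self.table.add(src)
        return True

def set_lock(ports, status):
    """Hub- or repeater-level setting: the most recent setting overrides."""
    for p in ports:
        p.lock = status
```

Under Continuous lock the model passes a packet from an unknown address and learns it, which is why the page describes that mode as effectively disabling intruder protection.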


SEHI-22/24, SEHI-32/34 specifications

Cabletron Systems was a notable player in the networking hardware market during the rise of local area networks (LANs) in the late 20th century. Among its innovative products were the SEHI-22/24 and SEHI-32/34 modules, which were designed to enhance network capabilities in enterprise environments.

The SEHI-22/24 and SEHI-32/34 were versatile high-performance Ethernet switch modules that offered significant advantages in network management and connectivity. These modules were designed to work with Cabletron's modular switching and routing architecture, allowing for scalable solutions tailored to specific network demands. A key feature of the SEHI series was its support for a range of Ethernet standards, ensuring compatibility with diverse networking environments.

One notable characteristic of the SEHI-22/24 was its ability to support both 10Base-T and 100Base-TX Ethernet technologies. This dual support enabled organizations to leverage existing 10 Mbps infrastructure while facilitating upgrades to 100 Mbps speeds without needing a complete overhaul of the network. Similarly, the SEHI-32/34 offered even greater connectivity options, accommodating more users and devices while maintaining high throughput and low latency.

In terms of management features, the SEHI series was equipped with extensive traffic management capabilities, including Quality of Service (QoS) features that prioritized bandwidth for critical applications. This ensured that essential services such as voice over IP (VoIP) and video conferencing could function optimally, even during heavy network loads.

Furthermore, both modules featured advanced diagnostics and monitoring tools that provided network administrators with critical insights into traffic patterns and potential bottlenecks. This functionality was essential for maintaining network health and optimizing performance, especially in dynamic business environments.

Security also played a crucial role in the design of the SEHI-22/24 and SEHI-32/34. The modules incorporated support for various authentication methods and access controls, ensuring that sensitive data remained protected within the corporate network.

In summary, Cabletron Systems’ SEHI-22/24 and SEHI-32/34 offered significant advancements in Ethernet switching technology, allowing organizations to build robust, scalable, and secure networks. With their impressive features, compatibility, and capacity for management and security, these modules were instrumental in shaping reliable networking solutions for enterprises navigating the rapidly evolving digital landscape.