Cabletron Systems TRMMIM manual Ring Security Conﬁguration, About Ring Security

Page 103

Chapter 6

Ring Security Conﬁguration

Selecting a ring for which to set security; conﬁguring the Allowed and Disallowed Station Lists; selecting ring security levels

About Ring Security

The Ring Security application allows you to control access to the Token Ring networks being managed by the TRMMIM by specifying an “Allowed List” of stations permitted to enter the ring, a “Disallowed List” of stations removed from the Allowed List, and a security mode which controls the ring’s response to stations illegally attempting to enter the ring.

The Allowed List, which by default contains the MAC address of each station known or permitted on the ring network when security is enabled, is a database stored at the TRMMIM itself. Each Token Ring hub can store up to 250 station MAC addresses in the Allowed List, which is maintained in its battery-backed Non-Volatile Random Access Memory (NVRAM). When you power up or reset the TRMMIM, all MAC addresses will be retained and ring security resumes its previous state.

You ﬁrst build the Allowed List either by enabling ring security with the “Warn” security mode activated (as described in Conﬁguring Security, page 6-7) — which will add the MAC addresses of all stations currently detected on the ring to the Allowed List — or by individually entering the MAC addresses of each station using the Add button. Once the list has been built and updated, you can switch the security mode to “Warn and Remove,” which will issue a trap to your management station and send a Remove MAC frame to any unauthorized station (that is, one not in the Allowed List) which tries to enter the ring. You can add to the allowed list at any time.

The Disallowed List acts as a repository for the MAC addresses of stations that have been removed from the Allowed List, or station addresses that you administratively enter. These addresses are stored in a “Disallowed” database that is maintained at your management workstation. The number of entries in the database is limited only by disk space. You can add to the Disallowed List either

6-1

Image 103

Contents Trmmim Page Virus Disclaimer Applicable to licenses to the United States Government only Restricted Rights NoticeContents Chapter Ring Map Chapter Alarm ConﬁgurationChapter Statistics Appendix a Trmmim MIB Structure Chapter Ring Security ConﬁgurationContents Trmmim Using the Trmmim User’s GuideIntroduction to Spma for the Trmmim What’s not in the Trmmim GuideScreen Displays ConventionsIntroduction to Spma for the Trmmim Button Using the MouseFTP Getting HelpTrmmim Firmware Introduction to Spma for the Trmmim Trmmim Firmware Using the Hub View Using the Trmmim Hub ViewNavigating Through the Hub View Using the Trmmim Hub ViewTrmmim Hub View Hub View Front PanelDevice Location UptimeTime and Date Device NameUsing the Trmmim Hub View Using the Mouse in a Hub View Module Module Index FNB Bypass State Port Display Form Hub View Port Color CodesPort Type ErrorsFrames Total BytesFNB Display Monitoring Hub Performance Using the Trmmim Hub View Name and Location Checking Device Status and Updating Front Panel InfoTotal Rings Checking Module StatusContact Date and TimeModule Speed FaultSpeed Fault Location Module NameModule/Port Admin StateChecking Port Status Port NameLink State Time Checking Station StatusInsertion Trap Vendor Station NameUpstream Neighbor/Downstream Neighbor Reverse MACs Physical LocationPriority Port MappingConﬁguring Station Name, Location, or Priority Checking Ring Port StatusMedia Type Fault State TimeMedia Fault ClassChecking Statistics Abort BytesLine BurstManaging the Hub at the Device Level Managing the HubFind MAC Address 12. The Find MAC Address Window Setting the Polling IntervalsContact Status 13. Trmmim Polling IntervalsStatistics Device General StatusDevice Conﬁguration Port Operational StateControlling Token Ring FNB Multiplexer Connections Managing the Hub at the Module LevelINS Bypass BoardLeft Connect Right ConnectClearing the Module FNB Conﬁguration Window Selections Controlling Token Ring SpeedManagement MGT Controlling Token Ring MIM Management ModeEnabling All Ports on Token Ring Modules Auto AUTConverting a Station Port to a Ring-out Port Managing the Hub at the Port LevelEnabling and Disabling Station and Ring Ports Removing a Station from the Ring Ring Map From the Hub View From the command line stand-alone modeLaunching the Ring Map From the iconRing Name Selecting a Ring to MapRing Map Utilization SpeedStations NameQuick Info Popup Window Viewing Station-speciﬁc InformationDrop Board and PortPerformance and Errors Setting a Station NameViewing Management Station Conﬁguration Setting a Station DropCommands Open Status Error StatusActive Monitor ErrorError Report Timer Setting the Statistics Calculation ModeViewing Ring-level Information Set Calculation Mode Window Viewing the Error TableError Table Window Isolating Errors Total ErrorsNon-Isolating Errors Changing the Station Labels Viewing Device Information Device Information Window Setting the Map Poll IntervalBeacon Events Viewing Beacon HistoryActive Monitor Changes Ring PurgesLongest Beacon Last Beacon TypeLast Beacon Beacon Conﬁguration 12. The Beacon Conﬁguration Window Using the Find Options 13. Sample Find Windows Searching by Station Name, MAC Address, Board/Port, or DropFinding the Active Monitor on the Network Finding the Management Station on the Network Frames or Errors measured/Δ Time in seconds 14. Sample Find Highest and Lowest Windows Accessing Other Spma ApplicationsAlarm Conﬁguration Spmarun e5alarms IP address community name Setting and Viewing Ring Alarms Alarm Conﬁguration Setting a Ring Level Alarm Setting and Viewing Station AlarmsAlarm Conﬁguration Alarm Conﬁguration Alarm Conﬁguration Setting a Station Level Alarm Alarm Conﬁguration Setting and Viewing Station Alarms Statistics Using StatisticsSpmarun e5stats IP Address community name Viewing the Ring Station ListDownstream Addr Module and PortStn Name Upstream AddrMonitoring Ring and Station Statistics Using the Reverse MAC ButtonRefreshing the Station List Creating a Pie Chart Creating a Graph or Meter Click mouse button 1 on KBytes Ring and Station VariablesGeneral ProtocolsAC Error Isolating ErrorsLine Errors Burst ErrorAbort Error Non-Isolating ErrorsInternal Error Frequency Errors Token ErrorsStatistics Ring and Station Variables About Ring Security Ring Security ConﬁgurationRing Security Conﬁguration Launching the Security Conﬁguration WindowSecurity Conﬁguration Ring Selection window, -1, will appear Disallowed Count Allowed Station ListAllowed Count Disallowed Station ListDisable Security Security Mode OptionsEnable Security Allowed/Disallowed List Conﬁguration Buttons Building the Allowed List Automatically Conﬁguring SecurityStation Addition Window Deleting Stations from the Allowed or Disallowed ListsClear List Window Clearing All Entries in the Allowed or Disallowed ListRemove Changing the Ring Security ModeTrmmim MIB Structure Ietf MIB SupportNetwork One, Network Two Chassis MGRProtocol Stack Snmp AgentTelnet Brief Word About MIB Components and Community NamesTrmmim MIB Structure Index Index-2 Index-3 Index-4