Security Information
Setting Outbound Security with Eavesdrop Prevention
Eavesdrop Prevention allows a port to receive a packet transmitted on the network as valid data only if the port’s MAC address matches the packet’s destination address. If the port’s MAC address does not match the packet destination address, the port will receive a packet containing a meaningless data field of alternating 1’s and 0’s. Multicast and broadcast packets are transmitted to all ports unmodified.
Note that sending a packet containing alternating 1’s and 0’s will continue to allow the port to detect the traffic on the network, so that the CSMA/CD network requirements are met. However, the port will correctly record the invalid data packet received as a CRC error. An
The illustration on the next page shows the use of outbound data security using Eavesdrop Prevention. This type of data security should be enabled on any port that is to receive data on a “need to know” basis. The port must have an authorized MAC address configured and must be connected to only one
Eavesdrop Prevention may not be used on cascaded ports, or ports connected to a network with multiple end users.
In the illustration below, Server 104 is transmitting a packet destined for PC 101. (For illustration purposes, the numbers 101, 102, 103, and 104 are used to represent
102 have Eavesdrop Prevention enabled or configured ON. Because PC 101’s MAC address matches the packet destination address, it receives the packet unaltered. However, PC 102’s MAC address does not match the packet destination address and therefore it receives a useless packet (the packet data field contains a meaningless pattern of alternating 1’s and 0’s). The port for PC 103 does not have Eavesdrop Prevention enabled and therefore PC 103 receives the packet unaltered from Server 104.
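The following Python model of the scenario above is an added example, not code from this manual or from the device. The MAC addresses and payload are constructed, and three details are assumptions: the pattern is byte-aligned as 0xAA, the 14-byte header is left intact, and the original FCS is kept so that the altered frame fails the CRC check.

```python
import struct
import zlib

JAM = 0xAA  # assumption: alternating 1/0 pattern, byte-aligned as 10101010

def mac(n):
    # Constructed locally administered unicast address standing in for station n.
    return bytes([0x02, 0, 0, 0, 0, n])

def build_frame(dst, src, payload, ethertype=0x0800):
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))  # append the Ethernet FCS

def fcs_ok(frame):
    # What the receiving adapter checks; a failure is counted as a CRC error.
    return struct.unpack("<I", frame[-4:])[0] == zlib.crc32(frame[:-4])

def is_group(dst):
    return bool(dst[0] & 0x01)  # I/G bit set: multicast or broadcast

def deliver(frame, port_mac, eavesdrop_prevention):
    """Return the frame as it appears on one hub port."""
    dst = frame[:6]
    if not eavesdrop_prevention or is_group(dst) or dst == port_mac:
        return frame  # feature off, group address, or authorized MAC matches
    # Mismatch: same length on the wire (carrier is still sensed for CSMA/CD),
    # data field overwritten, FCS left as sent (assumption) so the check fails.
    return frame[:14] + bytes([JAM]) * (len(frame) - 18) + frame[-4:]

def hub_repeat(frame, ports):
    """ports maps a name to (authorized_mac, eavesdrop_prevention_on)."""
    return {name: deliver(frame, m, on) for name, (m, on) in ports.items()}

PORTS = {
    "PC101": (mac(101), True),
    "PC102": (mac(102), True),
    "PC103": (mac(103), False),  # Eavesdrop Prevention not enabled on this port
}
SECRET = b"payroll record 42".ljust(46, b"\x00")  # constructed payload, minimum size
UNICAST = build_frame(mac(101), mac(104), SECRET)
BROADCAST = build_frame(b"\xff" * 6, mac(104), SECRET)

if __name__ == "__main__":
    for label, frame in (("unicast to 101", UNICAST), ("broadcast", BROADCAST)):
        for name, seen in hub_repeat(frame, PORTS).items():
            state = "unaltered" if seen == frame else "jammed"
            print(f"{label:15} {name}: {state}, fcs_ok={fcs_ok(seen)}")
```

In the model, PC 103's port is the only one where a frame addressed to another station stays readable, which is why the feature has to be enabled on every port that should receive data on a “need to know” basis.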