Cabletron Systems EMM-E6 manual The Newest LANVIEWSECURE Features, Configurable violation response

Models: EMM-E6


Security

TIP

If your EMM-E6 is running firmware more recent than 2.00.16 and previous to 3.11.xx, you will not have the ability to force a port to unsecurable status; however, for firmware versions in that range, ports which have been forced to trunk status will not be locked, so you can use the force trunk feature — available from the Hub View port menus — to render a port unsecurable if you wish.

Configurable violation response

Before LANVIEWSECURE, any locked port which experienced a violation was shut down automatically; now, you can choose to allow ports to remain enabled even after an unsecured address has attempted to access a locked port. If you choose not to disable a port which has experienced a violation, however, the port’s only response to an intruder will be to issue a trap after the first violation; all packets, regardless of source address, will be allowed to pass. Ports in this state still have active eavesdropper protection (see definition below), and all packets addressed to any destination other than the secured address(es) will be scrambled.

Full or partial security against eavesdropping

In addition to the enhanced intruder protection features described above, LANVIEWSECURE provides protection against eavesdroppers by scrambling the data portion of each packet to all ports except the port on which the destination address has been secured — in other words, the only port that will receive the packet in an unscrambled (readable) format is the port to which the packet was addressed. Two levels of eavesdropper protection are provided: full security scrambles all packets not specifically destined to the secured port, including broadcasts and multicasts; partial security scrambles only unicast packets.

The Newest LANVIEWSECURE Features

Additional LANVIEWSECURE features available on the newest firmware versions (3.11.xx) include:

Continuous learning mode

When configuring security on the newest LANVIEWSECURE devices, you can now choose between two levels of lock status: Full lock status, which behaves as locking has always done, and Continuous lock status, which essentially disables intruder protection by allowing the port to continue to learn new source addresses even when in a locked state. In this state, eavesdropper protection is still active, and will adjust so that packets addressed to the current learned address for a secured port are not scrambled.

NOTE

Locking ports from a Source Address window automatically provides Full lock status; however, locking ports from the repeater- or module-level Source Address window does not override any existing Continuous lock status settings.
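
The way lock status, violation response and eavesdropper protection combine, as described in the sections above, can be checked with a small model. This is an added example, not Cabletron code: the Port class, its field names, the result strings and the sample MAC addresses are constructed for illustration. It assumes that Continuous lock replaces the secured address with the most recently learned one and that a disabled port passes nothing.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_group(mac):
    """True for broadcast/multicast (group bit set in the first octet)."""
    return int(mac.split(":")[0], 16) & 1 == 1

@dataclass
class Port:                            # hypothetical model of one locked port
    name: str
    secured: set                       # secured source address(es)
    lock: str = "full"                 # "full" or "continuous"
    disable_on_violation: bool = True  # the pre-LANVIEWSECURE behaviour
    eavesdrop: str = "full"            # "full" or "partial"
    enabled: bool = True
    trap_sent: bool = False

    def receive(self, src):
        """Intruder protection: a frame with source `src` arrives on this port."""
        if not self.enabled:
            return "dropped (port disabled)"   # assumption, see lead-in
        if src in self.secured:
            return "pass"
        if self.lock == "continuous":
            self.secured = {src}       # keeps learning, so no violation is raised
            return "pass (learned)"
        if self.disable_on_violation:
            self.enabled = False
            return "port disabled"
        if not self.trap_sent:         # trap only after the first violation
            self.trap_sent = True
            return "trap + pass"
        return "pass"                  # later frames pass whatever their source

    def repeat(self, dst):
        """Eavesdropper protection: a frame for `dst` is repeated out this port."""
        if dst in self.secured:
            return "clear"
        if self.eavesdrop == "partial" and is_group(dst):
            return "clear"             # partial security scrambles unicast only
        return "scrambled"

if __name__ == "__main__":
    a, x = "02:00:00:00:00:0a", "02:00:00:00:00:99"   # constructed addresses
    p = Port("port1", {a}, disable_on_violation=False)
    for src in (a, x, x):
        print(src, "->", p.receive(src))
    print("broadcast out port1:", p.repeat(BROADCAST))
```

With the violation response set to leave the port enabled, the intruder's frames pass after a single trap, so only the scrambling of traffic leaving the port still protects the secured station.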


What is LANVIEWsecure?
