Cabletron Systems EMM-E6 manual Resetting Learned Addresses, 7-11, Configuring Security

Models: EMM-E6


Security

Resetting Learned Addresses

You can clear all learned and secured addresses out of a port’s address table, and allow that port to begin learning (and securing) new addresses, as follows:

1. In the Repeater Security window, click mouse button 1 on the repeater interface for which you would like to reset learned addresses.

2. Click mouse button 1 on the appropriate button to open the Module or Port window.

3. In the Module or Port window, click to select the module(s) or port(s) for which you wish to reset learned addresses.

NOTE

You cannot reset learned addresses for any port which is already locked or in an unsecurable state (either natural or forced). If you select a group of ports which includes one in a locked or unsecurable state, or if you select a module or a repeater which has a port in one of these states, the Reset Learned Addresses option will be unavailable.

4. Click to select the Reset Learned Addresses option. A confirmation window will appear; click the appropriate button to reset addresses or to cancel. The port’s address table will be cleared of all Learned and Secure addresses, and the learning process will restart.

Tips for Successfully Implementing Eavesdropper Protection

There are a couple of things to note about eavesdropper protection, or scrambling, that must be taken into consideration as you are planning security for your network.

Security can only be implemented by locking a port, and can only be completely disabled by unlocking the port. You cannot enable intruder protection on a LANVIEWSECURE MIM without also enabling eavesdropper protection. You can, however, effectively enable eavesdropper protection alone by selecting the noDisable option for the violation response; selecting noDisable basically eliminates intruder protection, as all packets will be allowed to pass regardless of their source address. (Note, however, that the port will issue a trap after the first violation.) You can also enable eavesdropper protection without intruder protection by selecting the Continuous lock mode; see Enabling Security and Traps, page 7-12, for details.
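The lock behaviour described above can be sketched as a small model; this is an added illustration, not Cabletron code. The `Port` class, the `disable` label for the response other than `noDisable`, its port-disabling effect, the single-trap reading, and the rule that a locked port receives a frame clean only when the destination is one of its secured addresses are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    response: str = "disable"   # "noDisable" is the page's option; "disable" is an assumed label
    locked: bool = False
    enabled: bool = True
    secured: set = field(default_factory=set)
    traps: int = 0

    def admit(self, src: str) -> bool:
        """Intruder protection: decide whether a frame from src may enter."""
        if not self.enabled:
            return False
        if not self.locked:          # unlocked: no security, keep learning
            self.secured.add(src)
            return True
        if src in self.secured:
            return True
        if self.traps == 0:          # a trap is issued after the first violation
            self.traps = 1
        if self.response == "noDisable":
            return True              # all packets pass regardless of source
        self.enabled = False         # assumed effect of the other response
        return False

    def reset_learned(self) -> bool:
        """Reset is unavailable on a locked port; returns whether it ran."""
        if self.locked:
            return False
        self.secured.clear()
        return True


def repeat(ports, ingress, src, dst):
    """Return {port name: 'clean' | 'scrambled'} for one frame, {} if dropped."""
    if not ingress.admit(src):
        return {}
    out = {}
    for p in ports:
        if p is ingress or not p.enabled:
            continue
        # Eavesdropper protection: a locked port sees the frame clean only if
        # dst is one of its secured addresses (assumed matching rule).
        clean = (not p.locked) or dst in p.secured
        out[p.name] = "clean" if clean else "scrambled"
    return out
```

With `noDisable` on a locked port, an unknown source still gets through (intruder protection is effectively off) while other locked ports keep receiving scrambled frames, which is the "eavesdropper protection alone" configuration the paragraph describes.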

When locking has been enabled for a channel, packets travelling across the inter-RIC bus on the FNB backplane between MIMs operating on that channel will be scrambled to all but the destination port, and security operates as you would expect it to. However, packets are always transmitted clean to the EMM-E6’s bridge ports, so any packets transmitted to another channel will be
