Source Addressing

NOTE

Remember, you must have SuperUser (SU) access to the device in order to lock or unlock ports.

In addition to activating the security measures as configured via the Security application, locking source addresses has the following effects:

On devices running older versions of firmware, unlinked ports will be disabled immediately after locking has been enabled; these ports can be re- enabled using their port menus, but they will immediately be disabled again if a device is connected and begins transmitting (since the port’s source address table was locked in an empty state). On devices with newer firmware, unlinked ports are not automatically disabled in response to port locking, but they, too, will be immediately disabled if a device is connected and attempts to transmit packets.

Although the Source Ageing Interval does not apply to station ports when Source Address Locking is enabled, the snapshot of the SAT provided by the Source Address List window may show a learned source address ageing out if that address remains inactive, and the appropriate trap will be generated.

Once Source Address Locking has been enabled, each port’s topology status (station or trunk) remains fixed and will not change while locking remains enabled, regardless of any changes in the number of source addresses detected.

If Source Address Locking has been enabled, and one or more ports have been shut down because a new source address attempted access, those ports will remain disabled even after the SEHI has been reset, and must be re-enabled manually.

Source Address Locking on Older Devices

If your SEHI is running a firmware version previous to 1.05.01, Source Address Locking is implemented somewhat differently:

Station ports are defined as those detecting zero or one source address; trunk ports as those detecting two or more.

If a locked station port experiences a violation, the port will be automatically disabled and no traffic will be allowed through — not even traffic from the known source address.

Trunk ports are never locked.

Unlinked ports are immediately disabled.

The Source Ageing Interval does not apply to locked station ports.

5-6

Locking Source Addresses

Page 55 Page 57
Page 56
Image 56
Cabletron Systems SEHI-32/34, SEHI-22/24 manual Source Address Locking on Older Devices
Page 55 Page 57

SEHI-22/24, SEHI-32/34 specifications

Cabletron Systems was a notable player in the networking hardware market during the rise of local area networks (LANs) in the late 20th century. Among its innovative products were the SEHI-22/24 and SEHI-32/34 modules, which were designed to enhance network capabilities in enterprise environments.

The SEHI-22/24 and SEHI-32/34 were versatile high-performance Ethernet switch modules that offered significant advantages in network management and connectivity. These modules were designed to work with Cabletron's modular switching and routing architecture, allowing for scalable solutions tailored to specific network demands. A key feature of the SEHI series was its support for a range of Ethernet standards, ensuring compatibility with diverse networking environments.

One notable characteristic of the SEHI-22/24 was its ability to support both 10Base-T and 100Base-TX Ethernet technologies. This dual support enabled organizations to leverage existing 10 Mbps infrastructure while facilitating upgrades to 100 Mbps speeds without needing a complete overhaul of the network. Similarly, the SEHI-32/34 offered even greater connectivity options, accommodating more users and devices while maintaining high throughput and low latency.

In terms of management features, the SEHI series was equipped with extensive traffic management capabilities, including Quality of Service (QoS) features that prioritized bandwidth for critical applications. This ensured that essential services such as voice over IP (VoIP) and video conferencing could function optimally, even during heavy network loads.

Furthermore, both modules featured advanced diagnostics and monitoring tools that provided network administrators with critical insights into traffic patterns and potential bottlenecks. This functionality was essential for maintaining network health and optimizing performance, especially in dynamic business environments.

Security also played a crucial role in the design of the SEHI-22/24 and SEHI-32/34. The modules incorporated support for various authentication methods and access controls, ensuring that sensitive data remained protected within the corporate network.

In summary, Cabletron Systems’ SEHI-22/24 and SEHI-32/34 offered significant advancements in Ethernet switching technology, allowing organizations to build robust, scalable, and secure networks. With their impressive features, compatibility, and capacity for management and security, these modules were instrumental in shaping reliable networking solutions for enterprises navigating the rapidly evolving digital landscape.
Top Page Image Contents