Security

TIP

If your SEHI is running firmware more recent than 1.05.01 and previous to 2.10.xx, you will not have the ability to force a port to unsecurable status; however, for firmware versions in that range, ports which have been forced to trunk status will not be locked, so you can use the force trunk feature to render a port unsecurable if you wish.

Configurable violation response

Before LANVIEWSECURE, any locked port which experienced a violation was shut down automatically; now, you can choose to allow ports to remain enabled even after an unsecured address has attempted to access a locked port. If you choose not to disable a port which has experienced a violation, however, the port’s only response to an intruder will be to issue a trap after the first violation; all packets, regardless of source address, will be allowed to pass. Ports in this state still have active eavesdropper protection (see definition below), and all packets addressed to any destination other than the secured address(es) will be scrambled.

Full or partial security against eavesdropping

In addition to the enhanced intruder protection features described above, LANVIEWSECURE provides protection against eavesdroppers by scrambling the data portion of each packet to all ports except the port on which the destination address has been secured — in other words, the only port that will receive the packet in an unscrambled (readable) format is the port to which the packet was addressed. Two levels of eavesdropper protection are provided: full security scrambles all packets not specifically destined to the secured port, including broadcasts and multicasts; partial security scrambles only unicast packets.

The Newest LANVIEWSECURE Features

Additional LANVIEWSECURE features available on the newest firmware versions (SEHI 2.10.xx and higher) include:

Continuous learning mode

When configuring security on the newest LANVIEWSECURE devices, you can now choose between two levels of lock status: Full lock status, which behaves as locking has always done, and Continuous lock status, which essentially disables intruder protection by allowing the port to continue to learn new source addresses even when in a locked state. In this state, eavesdropper protection is still active, and will adjust so that packets addressed to the current learned address for a secured port are not scrambled.

NOTE

Locking ports from a Source Address window automatically provides Full lock status; however, locking ports from the repeater- or hub-level Source Address window does not override any existing Continuous lock status settings.
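The following Python model is an added illustration, not Cabletron code or part of the original manual; it walks a locked port through the violation response, eavesdropper protection, and Continuous lock behavior described above. The `Port` class, its field names, and the sample addresses are hypothetical; treating a disabled port as dropping all traffic and tracking a single learned address in Continuous mode are simplifying assumptions.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_group(mac):
    # Broadcast and multicast addresses have the low bit of the first octet set.
    return int(mac.split(":")[0], 16) & 1 == 1

@dataclass
class Port:
    """Hypothetical model of one locked port (names are not from the manual)."""
    secured: set                       # secured source address(es)
    lock: str = "full"                 # "full" or "continuous"
    disable_on_violation: bool = True  # configurable violation response
    eavesdrop: str = "full"            # "full" or "partial"
    enabled: bool = True
    trapped: bool = False              # a violation trap was already issued

    def receive(self, src):
        """Frame arriving from the attached segment (intruder protection)."""
        if not self.enabled:
            return "dropped"           # assumption: a shut-down port passes nothing
        if src in self.secured:
            return "pass"
        if self.lock == "continuous":
            self.secured = {src}       # keeps learning; no intruder protection
            return "pass"
        # Full lock and an unsecured source address: a violation.
        if self.disable_on_violation:
            self.enabled = False
            return "disabled"
        first = not self.trapped       # trap only after the first violation
        self.trapped = True
        return "pass+trap" if first else "pass"

    def transmit(self, dst):
        """Frame repeated out of this port (eavesdropper protection)."""
        if dst in self.secured:
            return "clear"             # destination is secured on this port
        if is_group(dst) and self.eavesdrop == "partial":
            return "clear"             # partial security scrambles unicast only
        return "scrambled"

# Constructed sample addresses (locally administered, not from the manual).
OWNER, INTRUDER = "02:00:00:00:00:01", "02:00:00:00:00:99"
```

Note that with `disable_on_violation=False` the intruder's frames pass after a single trap, while anything addressed back to the intruder is still scrambled on that port.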

Cabletron Systems SEHI-32/34 manual Newest Lanviewsecure Features, Configurable violation response, Continuous learning mode

SEHI-22/24, SEHI-32/34 specifications

Cabletron Systems was a notable player in the networking hardware market during the rise of local area networks (LANs) in the late 20th century. Among its innovative products were the SEHI-22/24 and SEHI-32/34 modules, which were designed to enhance network capabilities in enterprise environments.

The SEHI-22/24 and SEHI-32/34 were versatile high-performance Ethernet switch modules that offered significant advantages in network management and connectivity. These modules were designed to work with Cabletron's modular switching and routing architecture, allowing for scalable solutions tailored to specific network demands. A key feature of the SEHI series was its support for a range of Ethernet standards, ensuring compatibility with diverse networking environments.

One notable characteristic of the SEHI-22/24 was its ability to support both 10Base-T and 100Base-TX Ethernet technologies. This dual support enabled organizations to leverage existing 10 Mbps infrastructure while facilitating upgrades to 100 Mbps speeds without needing a complete overhaul of the network. Similarly, the SEHI-32/34 offered even greater connectivity options, accommodating more users and devices while maintaining high throughput and low latency.

In terms of management features, the SEHI series was equipped with extensive traffic management capabilities, including Quality of Service (QoS) features that prioritized bandwidth for critical applications. This ensured that essential services such as voice over IP (VoIP) and video conferencing could function optimally, even during heavy network loads.

Furthermore, both modules featured advanced diagnostics and monitoring tools that provided network administrators with critical insights into traffic patterns and potential bottlenecks. This functionality was essential for maintaining network health and optimizing performance, especially in dynamic business environments.

Security also played a crucial role in the design of the SEHI-22/24 and SEHI-32/34. The modules incorporated support for various authentication methods and access controls, ensuring that sensitive data remained protected within the corporate network.

In summary, Cabletron Systems’ SEHI-22/24 and SEHI-32/34 offered significant advancements in Ethernet switching technology, allowing organizations to build robust, scalable, and secure networks. With their impressive features, compatibility, and capacity for management and security, these modules were instrumental in shaping reliable networking solutions for enterprises navigating the rapidly evolving digital landscape.