Security

Forced non-secure status

With the original version of LANVIEWSECURE, all ports except those which had been forced to trunk status could be locked, and would be locked automatically if locking were enabled at the repeater or hub level. With the enhanced version of LANVIEWSECURE, this has changed in two ways: first, any port which has more than 35 addresses in its source address table (or exactly 35 addresses through two consecutive ageing times) is automatically considered unsecurable and cannot be locked while in this state; and second, you can force any port into this unsecurable state (as long as it is not already locked).

Learned addresses reset

By selecting the Reset Learned Addresses option in the repeater-, board-, or port- level Security window, you can clear all learned and secured addresses out of the selected port(s) address table, and allow that port to begin learning (and securing) new addresses. Note that you cannot reset learned addresses on a locked port or on a port which is designated unsecurable.

NOTE

You cannot reset learned addresses or force non-secure status on a port which is already locked; in order to implement either of those features, you must first unlock the port.

Security on Non-LANVIEWSECUREHubs

LANVIEWSECURE features as described above apply in total only to hubs designated as LANVIEWSECURE (as indicated by a label on the front panel and an “S” appended to the hub name). Some of the enhanced security features, however, will apply to all hubs installed in your SEHI-controlled hubstack, regardless of their LANVIEW SECURE status:

New definitions for station and trunk ports

All ports in your SEHI-controlled hubstack will be defined as station or trunk ports according to the new definitions: station ports are those detecting zero, one, or two source addresses; trunk ports are those detecting three or more.

Secure address assignment

Up to two source addresses detected on any station port are still automatically secured, and you can still accept or replace these default addresses. However, you cannot assign more than two secure addresses to any port (as there is no floating cache available), and neither natural nor forced trunk ports will ever be locked while in a trunk state.

Configurable violation response

You can still choose to allow ports to remain enabled even after an unsecured address has attempted to access a locked port. If you choose not to disable a port which has experienced a violation, however, the port’s only response to an

What is LANVIEWsecure?

6-5

Page 68 Page 70
Page 69
Image 69
Cabletron Systems SEHI-22/24 manual Security on Non-LANVIEWSECUREHubs, Forced non-secure status, Learned addresses reset
Page 68 Page 70

SEHI-22/24, SEHI-32/34 specifications

Cabletron Systems was a notable player in the networking hardware market during the rise of local area networks (LANs) in the late 20th century. Among its innovative products were the SEHI-22/24 and SEHI-32/34 modules, which were designed to enhance network capabilities in enterprise environments.

The SEHI-22/24 and SEHI-32/34 were versatile high-performance Ethernet switch modules that offered significant advantages in network management and connectivity. These modules were designed to work with Cabletron's modular switching and routing architecture, allowing for scalable solutions tailored to specific network demands. A key feature of the SEHI series was its support for a range of Ethernet standards, ensuring compatibility with diverse networking environments.

One notable characteristic of the SEHI-22/24 was its ability to support both 10Base-T and 100Base-TX Ethernet technologies. This dual support enabled organizations to leverage existing 10 Mbps infrastructure while facilitating upgrades to 100 Mbps speeds without needing a complete overhaul of the network. Similarly, the SEHI-32/34 offered even greater connectivity options, accommodating more users and devices while maintaining high throughput and low latency.

In terms of management features, the SEHI series was equipped with extensive traffic management capabilities, including Quality of Service (QoS) features that prioritized bandwidth for critical applications. This ensured that essential services such as voice over IP (VoIP) and video conferencing could function optimally, even during heavy network loads.

Furthermore, both modules featured advanced diagnostics and monitoring tools that provided network administrators with critical insights into traffic patterns and potential bottlenecks. This functionality was essential for maintaining network health and optimizing performance, especially in dynamic business environments.

Security also played a crucial role in the design of the SEHI-22/24 and SEHI-32/34. The modules incorporated support for various authentication methods and access controls, ensuring that sensitive data remained protected within the corporate network.

In summary, Cabletron Systems’ SEHI-22/24 and SEHI-32/34 offered significant advancements in Ethernet switching technology, allowing organizations to build robust, scalable, and secure networks. With their impressive features, compatibility, and capacity for management and security, these modules were instrumental in shaping reliable networking solutions for enterprises navigating the rapidly evolving digital landscape.
Top Page Image Contents