Manuals / Cabletron Systems / Computer Equipment / Network Hardware

Cabletron Systems SEHI-32/34, SEHI-22/24 manual Conﬁguring Security, Forced non-secure status

Models: SEHI-22/24 SEHI-32/34

1 90

Download 90 pages 61.33 Kb

Page 70

Security

intruder will be to issue a trap after the ﬁrst violation; all packets, regardless of source address, will be allowed to pass.

Forced non-secure status

With the enhanced version of LANVIEWSECURE, even ports on non- LANVIEWSECURE Hubs can be forced to an unsecurable status (as long as they are currently unlocked).

Learned addresses reset

You can still use the Reset Learned Addresses option in the repeater-, board-, or port-level Security window to clear all learned and secured addresses out of the selected port(s) address table, and allow that port to begin learning (and securing) new addresses. Note that you cannot reset learned addresses on a locked port or on a port which is designated unsecurable.

Eavesdrop protection (scrambling), trunk port locking, continuous lock mode, and the ﬂoating address cache are not available for non-LANVIEWSECUREhubs.

Conﬁguring Security

Most Security parameters are set via the port-level Security window; these will apply to the conﬁgured port regardless of the level at which security is enabled.

To access the Port Security window:

1.In the Repeater Security window, click to select the interface for which you would like to conﬁgure port-level security.

2.Click mouse button 1 on ; the Channel A Port Security window, Figure 6-2, will appear.

6-6	Conﬁguring Security

Image 70

Cabletron Systems SEHI-32/34, SEHI-22/24 manual Conﬁguring Security, Forced non-secure status, Learned addresses reset

Contents

Portable Management Application for the SEHI-22/24 and SEHI-32/34 The Complete Networking SolutionUser’s Guide Page Virus Disclaimer Restricted Rights Notice Applicable to licenses to the United States Government onlyChapter ContentsUsing the SEHI Hub View Introduction to SPMASource Addressing ContentsRepeater Redundancy SecurityIntroduction to SPMA for the SEHI-22/24 and SEHI-32/34 Using the SEHI User’s GuideChapter Using the SEHI User’s Guide Introduction to SPMA for the SEHI-22/24 and SEHI-32/34Screen Displays ConventionsWhat’s NOT in the SEHI User’s Guide ConventionsFigure 1-1. Window Conventions Click here to display footer message historyIntroduction to SPMA for the SEHI-22/24 and SEHI-32/34 ConventionsIntroduction to SPMA for the SEHI-22/24 and SEHI-32/34 Using the MouseButton Button Button ConventionsIntroduction to SPMA for the SEHI-22/24 and SEHI-32/34 Getting HelpGetting Help anonymousSEHI Firmware SEHI FirmwareIntroduction to SPMA for the SEHI-22/24 and SEHI-32/34 Introduction to SPMA for the SEHI-22/24 and SEHI-32/34 SEHI Firmwarespmarun hubstack IP address community name Using the SEHI Hub ViewUsing the Hub View ChapterNavigating Through the Hub View Using the SEHI Hub ViewUsing the Hub View Hub View Front PanelDevice Name UptimeDate and Time LocationUsing the Hub View Using the SEHI Hub ViewClicking on the Device button displays the Device menu, Figure Using the SEHI Hub View Using the Mouse in the Hub View Ports DisplaySPMA for the SEHI application version Using the Hub ViewPort Display Form Errors Errors/sec, total or by type Frame Sizes % of total packetsHub View Port Color Codes Load % of theoretical maximum Trafﬁc Pkts/sec Collisions Colls/secMonitoring Hub Performance Monitoring Hub PerformanceUsing the SEHI Hub View Load ErrorsPort Display Form CollisionsUsing the SEHI Hub View Frame SizesPort Type Monitoring Hub PerformanceContact Checking Device Status and Updating Front Panel InfoName and Location 2-10Name Checking Module StatusChassis Type 2-11Module Type Checking Repeater StatusActive Users 2-122-13 Checking Port StatusLink Status Using the SEHI Hub View2-14 StatusMedia Type Using the SEHI Hub View2-15 Checking StatisticsTopology Type Using the SEHI Hub ViewTotal Packets General/Error StatisticsReceived Bytes Avg Packet SizeCRC Errors Total ErrorsAlignment Errors Multicast PacketsGiant Frames The SEHI Error Priority SchemeRunt Frames 2-18Protocols Viewing the Port Source Address ListProtocols/Frames Statistics 2-19Managing the Hub Managing the Hub2-20 Using the SEHI Hub View2-21 Setting the Polling IntervalsContact Status Using the SEHI Hub ViewDevice Conﬁguration Enabling/Disabling PortsDevice General Status Port Operational Statewith the stack.CAUTION 2-23Using the SEHI Hub View Managing the HubUsing the SEHI Hub View 2-24Managing the Hub Link/Seg Traps What is a Segmentation Trap?Chapter Link/Seg Traps What is a Link Trap?Enabling and Disabling Link/Seg Traps from the iconspmarun r4hwtr IP address community name from the command line stand-alone modefrom the Hub View Enabling and Disabling Link/Seg TrapsLink/Seg Traps Conﬁguring Link/Seg Traps for the RepeaterViewing and Conﬁguring Link/Seg Traps for Hub Modules Enabling and Disabling Link/Seg TrapsLink/Seg Traps Viewing and Conﬁguring Link/Seg Traps for PortsTo enable or disable Link and Segmentation traps for individual ports Figure 3-3. The Module Traps WindowFigure 3-4. The Port Traps Window Link/Seg TrapsEnabling and Disabling Link/Seg Traps Repeater Redundancy Setting Network Circuit RedundancyThis chapter describes how to conﬁgure and enable redundant circuits from the command line stand-alone modeRepeater Redundancy Setting Network Circuit RedundancyConﬁguring a Redundant Circuit spmarun r4red IP address community nameFigure 4-2. The Channel X Redundancy Window Setting Network Circuit RedundancyRepeater Redundancy Figure 4-3. The Change Circuit WindowRepeater Redundancy Setting Network Circuit RedundancyFigure 4-4. The Add Circuit Address Window Monitoring Redundancy Monitoring RedundancyTo set the Poll Interval Repeater RedundancyTo set the Test Time To immediately test all enabled circuitsRepeater Redundancy Monitoring Redundancyspmarun r4sa IP address community name Source AddressingDisplaying the Source Address List from the command line stand-alone modeDisplaying the Source Address List Source AddressingThe Repeater Source Address window, Figure 5-1, will appear Figure 5-2. The Source Address List Window Source AddressingDisplaying the Source Address List Setting the Hash Type Setting the Hash TypeSetting the Ageing Time Source AddressingLocking Source Addresses Locking Source AddressesSource Addressing Source Addressing Source Address Locking on Older DevicesLocking Source Addresses Conﬁguring Source Address Traps Conﬁguring Source Address TrapsSource Addressing Source Addressing Device-level TrapsModule- and Port-level Traps Conﬁguring Source Address TrapsTo conﬁgure trap status for all ports on a selected module or modules Source AddressingConﬁguring Source Address Traps Source Addressing 5-10To enable or disable port-level traps Figure 5-3. The Module Source Address Traps Window5-11 Finding a Source AddressFinding a Source Address Source AddressingTo ﬁnd a source address 5-12Source Addressing Figure 5-5. Find Source Address WindowFigure 5-6. Results of MAC Address Search 5-13Source Addressing 4. Click on to exit the windowSource Addressing 5-14Finding a Source Address from the icon SecurityChapter from the Hub ViewSecurity What is LANVIEWSECURE?What is LANVIEWsecure? spmarun r4sec IP address SU community nameTrunk port security New deﬁnitions for station and trunk portsSecure address assignment What is LANVIEWsecure?Conﬁgurable violation response The Newest LANVIEWSECURE FeaturesContinuous learning mode Full or partial security against eavesdroppingForced non-secure status Learned addresses resetSecurity on Non-LANVIEWSECURE Hubs What is LANVIEWsecure?Learned addresses reset Conﬁguring SecurityConﬁguring Security SecurityFigure 6-2. Channel A Port Security Window SecurityConﬁguring Security To assign secure addresses to a port SecurityYou cannot force a port to Unsecurable status if it is already locked Conﬁguring SecurityFigure 6-3. The Addresses Window SecurityConﬁguring Security Security Resetting Learned Addresses6-10 Figure 6-4. Add MAC Address WindowSecurity Tips for Successfully Implementing Eavesdropper Protection6-11 Conﬁguring SecurityEnabling Security and Traps Enabling Security and Traps6-12 SecurityTo enable or disable security and traps for all ports on a repeater Repeater-level Security and Traps6-13 SecurityTo enable or disable locking and/or traps at the hub level Hub-level Security and Traps6-14 SecurityTo enable or disable security and/or traps at the port level Port-level Security and Traps6-15 SecurityFigure 6-7. Channel A Port Security Window 6-16Security Enabling Security and Traps6. Click on to save your changes each port’s new status will be 6-17Security displayed in the list box. Click on to close the windowSecurity 6-18Enabling Security and Traps SEHI MIB Structure SEHI MIB StructureIETF MIB Support Appendix AA Brief Word About MIB Components and Community Names SEHI Host ServicesSEHI IP Services SEHI MIB StructureSEHI MIB Structure Newer versions of devices with this component-based MIB architecture have been simpliﬁed somewhat these devices support a single, global set of community names, with small modiﬁcations added automatically to accommodate multiple instances of the same MIB component as occurs with the SEHI’s Network components. Again, deﬁning your device icon or launching a management application with one of these global community names gives SPMA access to all MIB informationSEHI MIB Structure SEHI MIB Structure SEHI MIB StructureIndex Index-1Index Index-2Index-3 IndexIndex-4 Index