Manuals / Cabletron Systems / Computer Equipment / Network Hardware

Cabletron Systems SEHI-32/34 manual To assign secure addresses to a port, Conﬁguring Security

Models: SEHI-22/24 SEHI-32/34

1 90

Download 90 pages 61.33 Kb

Page 72

You cannot force a port to Unsecurable status if it is already locked.

Security

from the selected ports: a trap will be sent after the ﬁrst violation, but all packets, regardless of source address, will be allowed to pass. Ports in this state still have active eavesdropper protection.

NOTE

Any ports which are disabled in response to a violation will remain disabled even after the SEHI has been reset, and must be re-enabled manually. See Enabling /Disabling MIM Ports in Chapter 2 for more information.

3.The Security Level ﬁeld allows you to select which packets not addressed to the selected ports will be scrambled: click to select partial if you wish to scramble the data portion of all packets except broadcasts and multicasts; select full if you wish to scramble broadcasts and multicasts as well. Note that scrambling can only be applied to LANVIEWSECURE hubs; this ﬁeld will be grayed out if one or more non-LANVIEWSECUREhub ports has been selected in the list box.

4.Use the Force NonSecure ﬁeld to designate which ports should be securable (that is, lockable) and which should be unsecurable. By deﬁnition, any LANVIEWSECURE port with more than 35 addresses in its source address table (or exactly 35 for two consecutive ageing times) is unsecurable, as are any non-LANVIEWSECUREports with more than 3 addresses (or exactly 3 for two consecutive ageing times). Unsecurable ports — whether forced or natural — cannot be locked, and will be designated in the list box as Unsecurable.

NOTE

You cannot force a port to Unsecurable status if it is already locked.

5.Click on to save your changes; the new Security Level and violation response settings will be displayed in the list box.

To assign secure addresses to a port:

1.Click to select a single port in the list box; the button will be activated.

2.Click on ; the Addresses window, Figure 6-3, will appear.

6-8	Conﬁguring Security

Image 72

Cabletron Systems SEHI-32/34, SEHI-22/24 Security, You cannot force a port to Unsecurable status if it is already locked

Contents

The Complete Networking Solution Portable Management Application for the SEHI-22/24 and SEHI-32/34User’s Guide Page Virus Disclaimer Restricted Rights Notice Applicable to licenses to the United States Government onlyContents Using the SEHI Hub ViewChapter Introduction to SPMAContents Repeater RedundancySource Addressing SecurityUsing the SEHI User’s Guide Introduction to SPMA for the SEHI-22/24 and SEHI-32/34Chapter Using the SEHI User’s Guide Introduction to SPMA for the SEHI-22/24 and SEHI-32/34Conventions What’s NOT in the SEHI User’s GuideScreen Displays ConventionsClick here to display footer message history Introduction to SPMA for the SEHI-22/24 and SEHI-32/34Figure 1-1. Window Conventions ConventionsUsing the Mouse Button Button ButtonIntroduction to SPMA for the SEHI-22/24 and SEHI-32/34 ConventionsGetting Help Getting HelpIntroduction to SPMA for the SEHI-22/24 and SEHI-32/34 anonymousSEHI Firmware SEHI FirmwareIntroduction to SPMA for the SEHI-22/24 and SEHI-32/34 Introduction to SPMA for the SEHI-22/24 and SEHI-32/34 SEHI FirmwareUsing the SEHI Hub View Using the Hub Viewspmarun hubstack IP address community name ChapterUsing the SEHI Hub View Using the Hub ViewNavigating Through the Hub View Hub View Front PanelUptime Date and TimeDevice Name LocationUsing the SEHI Hub View Using the Hub ViewClicking on the Device button displays the Device menu, Figure Using the Mouse in the Hub View Ports Display SPMA for the SEHI application versionUsing the SEHI Hub View Using the Hub ViewErrors Errors/sec, total or by type Frame Sizes % of total packets Hub View Port Color CodesPort Display Form Load % of theoretical maximum Trafﬁc Pkts/sec Collisions Colls/secMonitoring Hub Performance Monitoring Hub PerformanceUsing the SEHI Hub View Errors Port Display FormLoad CollisionsFrame Sizes Port TypeUsing the SEHI Hub View Monitoring Hub PerformanceChecking Device Status and Updating Front Panel Info Name and LocationContact 2-10Checking Module Status Chassis TypeName 2-11Checking Repeater Status Active UsersModule Type 2-12Checking Port Status Link Status2-13 Using the SEHI Hub ViewStatus Media Type2-14 Using the SEHI Hub ViewChecking Statistics Topology Type2-15 Using the SEHI Hub ViewGeneral/Error Statistics Received BytesTotal Packets Avg Packet SizeTotal Errors Alignment ErrorsCRC Errors Multicast PacketsThe SEHI Error Priority Scheme Runt FramesGiant Frames 2-18Viewing the Port Source Address List Protocols/Frames StatisticsProtocols 2-19Managing the Hub 2-20Managing the Hub Using the SEHI Hub ViewSetting the Polling Intervals Contact Status2-21 Using the SEHI Hub ViewEnabling/Disabling Ports Device General StatusDevice Conﬁguration Port Operational State2-23 Using the SEHI Hub Viewwith the stack.CAUTION Managing the Hub2-24 Using the SEHI Hub ViewManaging the Hub What is a Segmentation Trap? Link/Seg TrapsChapter What is a Link Trap? Enabling and Disabling Link/Seg TrapsLink/Seg Traps from the iconfrom the command line stand-alone mode from the Hub Viewspmarun r4hwtr IP address community name Enabling and Disabling Link/Seg TrapsConﬁguring Link/Seg Traps for the Repeater Viewing and Conﬁguring Link/Seg Traps for Hub ModulesLink/Seg Traps Enabling and Disabling Link/Seg TrapsViewing and Conﬁguring Link/Seg Traps for Ports To enable or disable Link and Segmentation traps for individual portsLink/Seg Traps Figure 3-3. The Module Traps WindowLink/Seg Traps Figure 3-4. The Port Traps WindowEnabling and Disabling Link/Seg Traps Setting Network Circuit Redundancy This chapter describes how to conﬁgure and enable redundant circuitsRepeater Redundancy from the command line stand-alone modeSetting Network Circuit Redundancy Conﬁguring a Redundant CircuitRepeater Redundancy spmarun r4red IP address community nameSetting Network Circuit Redundancy Repeater RedundancyFigure 4-2. The Channel X Redundancy Window Figure 4-3. The Change Circuit WindowSetting Network Circuit Redundancy Repeater RedundancyFigure 4-4. The Add Circuit Address Window Monitoring Redundancy To set the Poll IntervalMonitoring Redundancy Repeater RedundancyTo immediately test all enabled circuits Repeater RedundancyTo set the Test Time Monitoring RedundancySource Addressing Displaying the Source Address Listspmarun r4sa IP address community name from the command line stand-alone modeSource Addressing Displaying the Source Address ListThe Repeater Source Address window, Figure 5-1, will appear Source Addressing Figure 5-2. The Source Address List WindowDisplaying the Source Address List Setting the Hash Type Setting the Ageing TimeSetting the Hash Type Source AddressingLocking Source Addresses Locking Source AddressesSource Addressing Source Address Locking on Older Devices Source AddressingLocking Source Addresses Conﬁguring Source Address Traps Conﬁguring Source Address TrapsSource Addressing Device-level Traps Module- and Port-level TrapsSource Addressing Conﬁguring Source Address TrapsSource Addressing To conﬁgure trap status for all ports on a selected module or modulesConﬁguring Source Address Traps 5-10 To enable or disable port-level trapsSource Addressing Figure 5-3. The Module Source Address Traps WindowFinding a Source Address Finding a Source Address5-11 Source Addressing5-12 Source AddressingTo ﬁnd a source address Figure 5-5. Find Source Address Window5-13 Source AddressingFigure 5-6. Results of MAC Address Search 4. Click on to exit the window5-14 Source AddressingFinding a Source Address Security Chapterfrom the icon from the Hub ViewWhat is LANVIEWSECURE? What is LANVIEWsecure?Security spmarun r4sec IP address SU community nameNew deﬁnitions for station and trunk ports Secure address assignmentTrunk port security What is LANVIEWsecure?The Newest LANVIEWSECURE Features Continuous learning modeConﬁgurable violation response Full or partial security against eavesdroppingLearned addresses reset Security on Non-LANVIEWSECURE HubsForced non-secure status What is LANVIEWsecure?Conﬁguring Security Conﬁguring SecurityLearned addresses reset SecuritySecurity Figure 6-2. Channel A Port Security WindowConﬁguring Security Security You cannot force a port to Unsecurable status if it is already lockedTo assign secure addresses to a port Conﬁguring SecuritySecurity Figure 6-3. The Addresses WindowConﬁguring Security Resetting Learned Addresses 6-10Security Figure 6-4. Add MAC Address WindowTips for Successfully Implementing Eavesdropper Protection 6-11Security Conﬁguring SecurityEnabling Security and Traps 6-12Enabling Security and Traps SecurityRepeater-level Security and Traps 6-13To enable or disable security and traps for all ports on a repeater SecurityHub-level Security and Traps 6-14To enable or disable locking and/or traps at the hub level SecurityPort-level Security and Traps 6-15To enable or disable security and/or traps at the port level Security6-16 SecurityFigure 6-7. Channel A Port Security Window Enabling Security and Traps6-17 Security6. Click on to save your changes each port’s new status will be displayed in the list box. Click on to close the window6-18 SecurityEnabling Security and Traps SEHI MIB Structure IETF MIB SupportSEHI MIB Structure Appendix ASEHI Host Services SEHI IP ServicesA Brief Word About MIB Components and Community Names SEHI MIB StructureNewer versions of devices with this component-based MIB architecture have been simpliﬁed somewhat these devices support a single, global set of community names, with small modiﬁcations added automatically to accommodate multiple instances of the same MIB component as occurs with the SEHI’s Network components. Again, deﬁning your device icon or launching a management application with one of these global community names gives SPMA access to all MIB information SEHI MIB StructureSEHI MIB Structure SEHI MIB Structure SEHI MIB StructureIndex Index-1Index Index-2Index-3 IndexIndex-4 Index