Security

Enabling Security and Traps

You can enable or disable all applicable protections by locking or unlocking ports via the repeater, hub, or port Security window, as described in the sections below. There are two levels of lock status to choose from: if you select Full lock status, the port will stop learning new source addresses, accept packets only from secured source addresses, employ either full or partial eavesdrop protection (as configured), and take the configured steps (send trap and/or disable port) if a violation occurs; if you select Continuous lock status, the port will implement the configured level of eavesdrop protection, but continue to learn source addresses and allow all packets to pass, effectively disabling intruder protection.

Enabling and disabling traps from the Security windows has the same effect as enabling and disabling them from the Source Address windows; you can enable and disable the following traps:

A newSourceAddress trap is generated when a station port — one receiving packets from zero, one, or two source addresses — receives a packet from a source address that is not currently in its source address table. Information included in this trap includes the board number, port number, and source address associated with the trap. Trunk ports — those receiving packets from three or more source addresses — will not issue newSourceAddress traps.

A sourceAddressTimeout trap is issued anytime a source address is aged out of the Source Address Table due to inactivity. The trap’s interesting information includes the board and port index, and the source address that timed out. (See Setting the Ageing Time in Chapter 4, Source Addressing, for more information.)

All other source address traps (portTypeChanged, lockStatusChanged, portSecurityViolation, and portViolationReset, all defined in Chapter 4, Source Addressing) will continue to be generated as appropriate, as will the security- specific traps:

A secureStateChange trap indicates that a port has changed from a securable state to an unsecurable state, or vice versa; the interesting information includes board and port index.

A learnStateChange trap indicates that a port has had its learned addresses reset. Interesting information includes board and port index, and current learn state. Note that SPMA always maintains ports in a learn state, and just resets that learn state to achieve a reset of existing learned and secure addresses.

A learnModeChange trap is issued when a port is set to continuous lock mode; interesting information includes board and port index, and current learn mode.

When setting these parameters at the various levels, keep in mind that the most recent setting will override the existing status: for example, if you lock one or more ports at the port level, then unlock them at the hub level, all ports on the hub will be unlocked. Similarly, if you enable traps at the hub level, then disable them at the repeater level, traps will be disabled for all ports on the repeater.

6-12

Enabling Security and Traps

Page 75 Page 77
Page 76
Image 76
Cabletron Systems SEHI-32/34, SEHI-22/24 manual Enabling Security and Traps
Page 75 Page 77

SEHI-22/24, SEHI-32/34 specifications

Cabletron Systems was a notable player in the networking hardware market during the rise of local area networks (LANs) in the late 20th century. Among its innovative products were the SEHI-22/24 and SEHI-32/34 modules, which were designed to enhance network capabilities in enterprise environments.

The SEHI-22/24 and SEHI-32/34 were versatile high-performance Ethernet switch modules that offered significant advantages in network management and connectivity. These modules were designed to work with Cabletron's modular switching and routing architecture, allowing for scalable solutions tailored to specific network demands. A key feature of the SEHI series was its support for a range of Ethernet standards, ensuring compatibility with diverse networking environments.

One notable characteristic of the SEHI-22/24 was its ability to support both 10Base-T and 100Base-TX Ethernet technologies. This dual support enabled organizations to leverage existing 10 Mbps infrastructure while facilitating upgrades to 100 Mbps speeds without needing a complete overhaul of the network. Similarly, the SEHI-32/34 offered even greater connectivity options, accommodating more users and devices while maintaining high throughput and low latency.

In terms of management features, the SEHI series was equipped with extensive traffic management capabilities, including Quality of Service (QoS) features that prioritized bandwidth for critical applications. This ensured that essential services such as voice over IP (VoIP) and video conferencing could function optimally, even during heavy network loads.

Furthermore, both modules featured advanced diagnostics and monitoring tools that provided network administrators with critical insights into traffic patterns and potential bottlenecks. This functionality was essential for maintaining network health and optimizing performance, especially in dynamic business environments.

Security also played a crucial role in the design of the SEHI-22/24 and SEHI-32/34. The modules incorporated support for various authentication methods and access controls, ensuring that sensitive data remained protected within the corporate network.

In summary, Cabletron Systems’ SEHI-22/24 and SEHI-32/34 offered significant advancements in Ethernet switching technology, allowing organizations to build robust, scalable, and secure networks. With their impressive features, compatibility, and capacity for management and security, these modules were instrumental in shaping reliable networking solutions for enterprises navigating the rapidly evolving digital landscape.
Top Page Image Contents