Ring Security Conﬁguration | Cabletron Systems TRMMIM specs

Chapter 6

Ring Security Conﬁguration

Selecting a ring for which to set security; conﬁguring the Allowed and Disallowed Station Lists; selecting ring security levels

About Ring Security

The Ring Security application allows you to control access to the Token Ring networks being managed by the TRMMIM by specifying an “Allowed List” of stations permitted to enter the ring, a “Disallowed List” of stations removed from the Allowed List, and a security mode which controls the ring’s response to stations illegally attempting to enter the ring.

The Allowed List, which by default contains the MAC address of each station known or permitted on the ring network when security is enabled, is a database stored at the TRMMIM itself. Each Token Ring hub can store up to 250 station MAC addresses in the Allowed List, which is maintained in its battery-backed Non-Volatile Random Access Memory (NVRAM). When you power up or reset the TRMMIM, all MAC addresses will be retained and ring security resumes its previous state.

You ﬁrst build the Allowed List either by enabling ring security with the “Warn” security mode activated (as described in Conﬁguring Security, page 6-7) — which will add the MAC addresses of all stations currently detected on the ring to the Allowed List — or by individually entering the MAC addresses of each station using the Add button. Once the list has been built and updated, you can switch the security mode to “Warn and Remove,” which will issue a trap to your management station and send a Remove MAC frame to any unauthorized station (that is, one not in the Allowed List) which tries to enter the ring. You can add to the allowed list at any time.

The Disallowed List acts as a repository for the MAC addresses of stations that have been removed from the Allowed List, or station addresses that you administratively enter. These addresses are stored in a “Disallowed” database that is maintained at your management workstation. The number of entries in the database is limited only by disk space. You can add to the Disallowed List either

6-1

Image 103

Cabletron Systems TRMMIM manual Ring Security Conﬁguration, About Ring Security

Contents

Trmmim Page Virus Disclaimer Applicable to licenses to the United States Government only Restricted Rights Notice Contents Chapter Ring Map Chapter Alarm ConﬁgurationChapter Statistics Appendix a Trmmim MIB Structure Chapter Ring Security Conﬁguration Contents Trmmim Using the Trmmim User’s Guide Introduction to Spma for the Trmmim What’s not in the Trmmim Guide Screen Displays Conventions Introduction to Spma for the Trmmim Button Using the Mouse FTP Getting Help Trmmim Firmware Introduction to Spma for the Trmmim Trmmim Firmware Using the Hub View Using the Trmmim Hub View Navigating Through the Hub View Using the Trmmim Hub View Trmmim Hub View Hub View Front Panel Device Location UptimeTime and Date Device Name Using the Trmmim Hub View Using the Mouse in a Hub View Module Module Index FNB Bypass State Port Display Form Hub View Port Color Codes Port Type ErrorsFrames Total Bytes FNB Display Monitoring Hub Performance Using the Trmmim Hub View Name and Location Checking Device Status and Updating Front Panel Info Total Rings Checking Module StatusContact Date and Time Module Speed FaultSpeed Fault Location Module Name Module/Port Admin StateChecking Port Status Port Name Link State Time Checking Station StatusInsertion Trap Vendor Station NameUpstream Neighbor/Downstream Neighbor Reverse MACs Physical LocationPriority Port Mapping Conﬁguring Station Name, Location, or Priority Checking Ring Port Status Media Type Fault State TimeMedia Fault Class Checking Statistics Abort BytesLine Burst Managing the Hub at the Device Level Managing the HubFind MAC Address 12. The Find MAC Address Window Setting the Polling Intervals Contact Status 13. Trmmim Polling Intervals Statistics Device General StatusDevice Conﬁguration Port Operational State Controlling Token Ring FNB Multiplexer Connections Managing the Hub at the Module Level INS Bypass BoardLeft Connect Right Connect Clearing the Module FNB Conﬁguration Window Selections Controlling Token Ring Speed Management MGT Controlling Token Ring MIM Management ModeEnabling All Ports on Token Ring Modules Auto AUT Converting a Station Port to a Ring-out Port Managing the Hub at the Port LevelEnabling and Disabling Station and Ring Ports Removing a Station from the Ring Ring Map From the Hub View From the command line stand-alone modeLaunching the Ring Map From the icon Ring Name Selecting a Ring to Map Ring Map Utilization SpeedStations Name Quick Info Popup Window Viewing Station-speciﬁc Information Drop Board and Port Performance and Errors Setting a Station Name Viewing Management Station Conﬁguration Setting a Station Drop Commands Open Status Error Status Active Monitor Error Error Report Timer Setting the Statistics Calculation ModeViewing Ring-level Information Set Calculation Mode Window Viewing the Error Table Error Table Window Isolating Errors Total Errors Non-Isolating Errors Changing the Station Labels Viewing Device Information Device Information Window Setting the Map Poll Interval Beacon Events Viewing Beacon HistoryActive Monitor Changes Ring Purges Longest Beacon Last Beacon TypeLast Beacon Beacon Conﬁguration 12. The Beacon Conﬁguration Window Using the Find Options 13. Sample Find Windows Searching by Station Name, MAC Address, Board/Port, or Drop Finding the Active Monitor on the Network Finding the Management Station on the Network Frames or Errors measured/Δ Time in seconds 14. Sample Find Highest and Lowest Windows Accessing Other Spma Applications Alarm Conﬁguration Spmarun e5alarms IP address community name Setting and Viewing Ring Alarms Alarm Conﬁguration Setting a Ring Level Alarm Setting and Viewing Station Alarms Alarm Conﬁguration Alarm Conﬁguration Alarm Conﬁguration Setting a Station Level Alarm Alarm Conﬁguration Setting and Viewing Station Alarms Statistics Using Statistics Spmarun e5stats IP Address community name Viewing the Ring Station List Downstream Addr Module and PortStn Name Upstream Addr Monitoring Ring and Station Statistics Using the Reverse MAC ButtonRefreshing the Station List Creating a Pie Chart Creating a Graph or Meter Click mouse button 1 on KBytes Ring and Station VariablesGeneral Protocols AC Error Isolating ErrorsLine Errors Burst Error Abort Error Non-Isolating ErrorsInternal Error Frequency Errors Token Errors Statistics Ring and Station Variables About Ring Security Ring Security Conﬁguration Ring Security Conﬁguration Launching the Security Conﬁguration Window Security Conﬁguration Ring Selection window, -1, will appear Disallowed Count Allowed Station ListAllowed Count Disallowed Station List Disable Security Security Mode OptionsEnable Security Allowed/Disallowed List Conﬁguration Buttons Building the Allowed List Automatically Conﬁguring Security Station Addition Window Deleting Stations from the Allowed or Disallowed Lists Clear List Window Clearing All Entries in the Allowed or Disallowed List Remove Changing the Ring Security Mode Trmmim MIB Structure Ietf MIB Support Network One, Network Two Chassis MGRProtocol Stack Snmp Agent Telnet Brief Word About MIB Components and Community Names Trmmim MIB Structure Index Index-2 Index-3 Index-4