Manuals / IBM / Computer Equipment / Switch

IBM 8260 manual Eavesdropping Protection

Models: 8260

1 354
Download 354 pages 1.89 Kb
Page 145
Image 145

station attached to that port. The transmission of the jammed packet will last the same length of time as the original data packet. Stations that receive a jammed packet will discard it because the CRC (Cyclic Redundancy Check) field of the packet is incorrect.

To perform intrusion control, the E-SEC card must perform the following:

1.Determine the source address of the station transmitting the data. This means that the transmitting station must be allowed to transmit the following portions of the Ethernet packet:

Preamble (56 bits)

Starting delimiter (8 bits)

Destination address (48 bits)

Source address (48 bits)

2.Once the source address of the transmitting station is determined, the E-SEC card will search the network security address table to see if the station is authorized to transmit on that port. The time to search the network security address table is equivalent to 11 bit-times.

3.The E-SEC card will send the security message (pass or jam) to all the 8260 ports which are attached to that segment. It takes 16 bit-times for the E-SEC card to send this message.

4.The media module will process the security message and start jamming or passing the packet. This process takes 8 bit-times.

As can be seen, from the time that the source address of the frame is seen by the E-SEC card, it takes 35 bit-times to start jamming or passing the packets. This means that the transmitting station will be able to send 35 bits of the packet from the end of source address to the stations before the jamming process can stop an unauthorized station. This 35 bits includes 16 bits of type/length field and 19 bits of user data.

7.11.1.2 Eavesdropping Protection

To perform eavesdropping protection, the E-SEC card must perform the following:

1.Determine the destination address of the station transmitting the data. This means that the transmitting station must be allowed to transmit the following portions of the Ethernet packet:

Preamble (56 bits)

Starting delimiter (8 bits)

Destination address (48 bits)

2.As soon as the E-SEC card receives the destination address within the packet, it searches the network security address table to determine the port to which the intended recipient is connected. This process takes 8 bit-times.

3.The E-SEC module transmits security messages to media modules attached to that segment protected by the E-SEC card, to instruct them to jam all the ports except the port to which the destination station is attached. This process takes 16 bit-times.

4.The media modules will process the security message and jam or pass the packet. This process takes 8 bit-times.

Chapter 7. 8260 Ethernet Modules 123

Page 144 Page 146
Page 145
Image 145
IBM 8260 manual Eavesdropping Protection
Page 144 Page 146