Security on non-lanviewsecure hubs, Security on non-lanviewsecure hubs -5, Lanview – Cabletron Systems SEHI-22/24 User Manual

What is LANVIEWsecure?

6-5

Security

Forced non-secure status

With the original version of LANVIEW

SECURE

, all ports except those which had

been forced to trunk status could be locked, and would be locked automatically if
locking were enabled at the repeater or hub level. With the enhanced version of
LANVIEW

SECURE

, this has changed in two ways: first, any port which has more

than 35 addresses in its source address table (or exactly 35 addresses through two
consecutive ageing times) is automatically considered unsecurable and cannot be
locked while in this state; and second, you can force any port into this
unsecurable state (as long as it is not already locked).

Learned addresses reset

By selecting the Reset Learned Addresses option in the repeater-, board-, or port-
level Security window, you can clear all learned and secured addresses out of the
selected port(s) address table, and allow that port to begin learning (and securing)
new addresses. Note that you cannot reset learned addresses on a locked port or
on a port which is designated unsecurable.

Security on Non-

LANVIEW

SECURE

Hubs

LANVIEW

SECURE

features as described above apply in total only to hubs

designated as LANVIEW

SECURE

(as indicated by a label on the front panel and an

“S” appended to the hub name). Some of the enhanced security features,
however, will apply to all hubs installed in your SEHI-controlled hubstack,
regardless of their LANVIEW S

ECURE

status:

New definitions for station and trunk ports

All ports in your SEHI-controlled hubstack will be defined as station or trunk
ports according to the new definitions: station ports are those detecting zero, one,
or two source addresses; trunk ports are those detecting three or more.

Secure address assignment

Up to two source addresses detected on any station port are still automatically
secured, and you can still accept or replace these default addresses. However, you
cannot assign more than two secure addresses to any port (as there is no floating
cache available), and neither natural nor forced trunk ports will ever be locked
while in a trunk state.

Configurable violation response

You can still choose to allow ports to remain enabled even after an unsecured
address has attempted to access a locked port. If you choose not to disable a port
which has experienced a violation, however, the port’s only response to an

NOTE

You cannot reset learned addresses or force non-secure status on a port which is already
locked; in order to implement either of those features, you must first unlock the port.