Cabletron Systems SEHI-22/24 User Manual
Page 72
Security
6-8
Configuring Security
from the selected ports: a trap will be sent after the first violation, but all
packets, regardless of source address, will be allowed to pass. Ports in this
state still have active eavesdropper protection.
3.
The Security Level field allows you to select which packets not addressed to
the selected ports will be scrambled: click to select partial if you wish to
scramble the data portion of all packets
except broadcasts and multicasts;
select full if you wish to scramble broadcasts and multicasts as well. Note that
scrambling can only be applied to
LANVIEW
SECURE
hubs; this field will be
grayed out if one or more non-
LANVIEW
SECURE
hub ports has been selected
in the list box.
4.
Use the Force NonSecure field to designate which ports should be securable
(that is, lockable) and which should be unsecurable. By definition, any
LANVIEW
SECURE
port with more than 35 addresses in its source address
table (or exactly 35 for two consecutive ageing times) is unsecurable, as are
any non-
LANVIEW
SECURE
ports with more than 3 addresses (or exactly 3 for
two consecutive ageing times). Unsecurable ports — whether forced or
natural — cannot be locked, and will be designated in the list box as
Unsecurable.
5.
Click on
to save your changes; the new Security Level and
violation response settings will be displayed in the list box.
To assign secure addresses to a port:
1.
Click to select a single port in the list box; the
button will be
activated.
2.
Click on
; the Addresses window,
NOTE
Any ports which are disabled in response to a violation will remain disabled even after the
SEHI has been reset, and must be re-enabled manually. See Enabling /Disabling MIM
Ports
in Chapter 2 for more information.
NOTE
You cannot force a port to Unsecurable status if it is already locked.