
Cabletron Systems SEHI-22/24 User Manual

Page 67


What is LANVIEWsecure?

6-3

Security

secure port, and can be configured to secure both station and trunk ports;
eavesdropper protection scrambles the data portion of any packet transmitted via a
secure port to all but the destination port, and can be extended to broadcast and
multicast packets as well as packets destined for a single address. Security is
activated by enabling port locking; you can lock and unlock ports and enable or
disable traps at the repeater-, hub-, and port-level Security windows, as well as
via the Source Address windows (see Chapter 4, Source Addressing, for more
information).

LANVIEWSECURE includes the following features:

New definitions for station and trunk ports

Under LANVIEWSECURE, station ports are now defined as those detecting zero,
one, or two source addresses; trunk ports are defined as those detecting three or
more.

Secure address assignment

The first two source addresses detected on any port are automatically secured for
both station and trunk ports; you can accept these default addresses as your
secure addresses, or you can replace them. In addition, each hub contains a
floating cache that allows you to assign an additional 32 secure addresses among
the ports of your choosing.

Trunk port security

When locking is enabled, all ports will be secured — including natural trunk
ports. (Only ports which have been forced to trunk status will remain unlocked.)
Before implementing locking on trunk ports, however, be sure you have secured
the necessary source addresses; as with station ports, only the first two detected
source addresses are secured by default.

For devices with the newest security firmware (SEHI 1.10.xx and higher), a port’s
topology status — whether it is considered to be a station port or a trunk port —
no longer determines its securability; securability is only determined by the
number of source addresses in a port’s source address table: any port which
detects fewer than 35 source addresses will be locked. Ports which exceed those
numbers are designated “unsecurable,” and will be displayed as such in the port-
level Security window; in addition, a new feature allows you to force any port to
an unsecurable (that is, unlockable) state.
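
An added example (not from the Cabletron manual or firmware): a pre-lock audit that models the rules stated above for firmware 1.10.xx and higher and lists, per port, the detected source addresses that would not be among the secured addresses once locking is enabled. The `Port` class, its field names, and the sample addresses are constructed for illustration; what the hub does with traffic from an unsecured address is not modeled.

```python
from dataclasses import dataclass, field

DEFAULT_SECURED = 2   # first two detected source addresses are secured automatically
FLOATING_CACHE = 32   # additional secure addresses per hub, assignable to any ports
SECURABLE_BELOW = 35  # firmware 1.10.xx+: fewer than 35 addresses means lockable

@dataclass
class Port:
    name: str
    seen: list                                # source addresses, in detection order
    extra: set = field(default_factory=set)   # floating-cache addresses assigned here
    forced_unsecurable: bool = False          # operator forced the port unlockable

def topology(port):
    """Station port: zero, one or two source addresses. Trunk port: three or more."""
    return "station" if len(port.seen) <= 2 else "trunk"

def audit(ports):
    """Return (report keyed by port name, floating-cache entries used) for one hub."""
    used = sum(len(p.extra) for p in ports)
    if used > FLOATING_CACHE:
        raise ValueError(f"{used} floating-cache entries assigned, hub holds {FLOATING_CACHE}")
    report = {}
    for p in ports:
        unsecured = []
        if p.forced_unsecurable:
            state = "forced unsecurable"
        elif len(p.seen) >= SECURABLE_BELOW:
            state = "unsecurable"
        else:
            state = "locked"
            secured = set(p.seen[:DEFAULT_SECURED]) | p.extra
            unsecured = [a for a in p.seen if a not in secured]
        report[p.name] = {"topology": topology(p), "state": state, "unsecured": unsecured}
    return report, used

# Constructed sample hub; the MAC addresses are made up.
mac = lambda n: f"00:00:1d:00:00:{n:02x}"
SAMPLE_PORTS = [
    Port("1", [mac(1)]),
    Port("2", [mac(2), mac(3), mac(4)]),                      # trunk, third address not secured
    Port("3", [mac(i) for i in range(5, 9)], {mac(7), mac(8)}),
    Port("4", [mac(i) for i in range(16, 56)]),               # 40 addresses
    Port("5", [mac(9), mac(10), mac(11)], forced_unsecurable=True),
]

if __name__ == "__main__":
    for name, row in audit(SAMPLE_PORTS)[0].items():
        print(name, row["topology"], row["state"], row["unsecured"] or "-")
```

Addresses reported as unsecured are the ones to assign from the floating cache, or to substitute for the defaults, before locking a trunk port.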

TIP

When you lock ports from a repeater-, hub-, or port-level Security window, you have the
option of setting two lock modes: Full or Continuous. When you lock ports via a Source
Address window, the lock setting will default to the Full lock mode. See the section on
Continuous Address Learning, below, or Enabling Security and Traps, page 6-12, for
more information on these two lock modes.
