Ring security configuration, About ring security, Chapter 6 – Cabletron Systems SPECTRUM TRMMIM User Manual

Page 103: About ring security -1

background image

6-1

Chapter 6

Ring Security Configuration

Selecting a ring for which to set security; configuring the Allowed and Disallowed Station Lists;
selecting ring security levels

About Ring Security

The Ring Security application allows you to control access to the Token Ring
networks being managed by the TRMMIM by specifying an “Allowed List” of
stations permitted to enter the ring, a “Disallowed List” of stations removed from
the Allowed List, and a security mode which controls the ring’s response to
stations illegally attempting to enter the ring.

The Allowed List, which by default contains the MAC address of each station
known or permitted on the ring network when security is enabled, is a database
stored at the TRMMIM itself. Each Token Ring hub can store up to 250 station
MAC addresses in the Allowed List, which is maintained in its battery-backed
Non-Volatile Random Access Memory (NVRAM). When you power up or reset
the TRMMIM, all MAC addresses will be retained and ring security resumes its
previous state.

You first build the Allowed List either by enabling ring security with the “Warn”
security mode activated (as described in

Configuring Security

,

page 6-7

) —

which will add the MAC addresses of all stations currently detected on the ring to
the Allowed List — or by individually entering the MAC addresses of each station
using the Add button. Once the list has been built and updated, you can switch
the security mode to “Warn and Remove,” which will issue a trap to your
management station and send a Remove MAC frame to any unauthorized station
(that is, one not in the Allowed List) which tries to enter the ring. You can add to
the allowed list at any time.

The Disallowed List acts as a repository for the MAC addresses of stations that
have been removed from the Allowed List, or station addresses that you
administratively enter. These addresses are stored in a “Disallowed” database
that is maintained at your management workstation. The number of entries in the
database is limited only by disk space. You can add to the Disallowed List either

See also other documents in the category Cabletron Systems Tools: