Cabletron Systems EMM-E6 User Manual
What is LANVIEWsecure?
7-5
Security
Forced non-secure status
With the original version of
LANVIEW
SECURE
, all ports except those which had
been forced to trunk status could be locked, and would be locked automatically if
locking were enabled at the repeater or module level. With the enhanced version
of
locking were enabled at the repeater or module level. With the enhanced version
of
LANVIEW
SECURE
, this has changed in two ways: first, any port which has more
than 35 addresses in its source address table (or exactly 35 addresses through two
consecutive aging times) is automatically considered unsecurable and cannot be
locked while in this state; and second, you can force any port into this
unsecurable state (as long as it is not already locked).
consecutive aging times) is automatically considered unsecurable and cannot be
locked while in this state; and second, you can force any port into this
unsecurable state (as long as it is not already locked).
Learned addresses reset
By selecting the Reset Learned Addresses option in the repeater-, board-, or port-
level Security window, you can clear all learned and secured addresses out of the
selected port(s) address table, and allow that port to begin learning (and securing)
new addresses. Note that you cannot reset learned addresses on a locked port or
on a port which is designated unsecurable.
level Security window, you can clear all learned and secured addresses out of the
selected port(s) address table, and allow that port to begin learning (and securing)
new addresses. Note that you cannot reset learned addresses on a locked port or
on a port which is designated unsecurable.
Security on Non-
LANVIEW
SECURE
MIMs
LANVIEW
SECURE
features as described above apply in total only to repeater
MIMs designated as
LANVIEW
SECURE
(as indicated by a label on the front panel
and an “S” appended to the module name) and apply only to ports
communicating via FNB channels B or C. Some of the enhanced security features,
however, will apply to all MIMs installed in your EMM-E6-controlled hub,
regardless of their channel assignment or
communicating via FNB channels B or C. Some of the enhanced security features,
however, will apply to all MIMs installed in your EMM-E6-controlled hub,
regardless of their channel assignment or
LANVIEW
SECURE
status:
New definitions for station and trunk ports
All ports in your EMM-E6-controlled hub will be defined as station or trunk ports
according to the new definitions: station ports are those detecting zero, one, or
two
according to the new definitions: station ports are those detecting zero, one, or
two
source addresses; trunk ports are those detecting three or more.
Secure address assignment
Up to two source addresses detected on any station port are still automatically
secured, and you can still accept or replace these default addresses. However, you
cannot assign more than two secure addresses to any port (as there is no floating
cache available), and neither natural nor forced trunk ports will ever be locked
while in a trunk state.
secured, and you can still accept or replace these default addresses. However, you
cannot assign more than two secure addresses to any port (as there is no floating
cache available), and neither natural nor forced trunk ports will ever be locked
while in a trunk state.
NOTE
You cannot reset learned addresses or force non-secure status on a port which is already
locked; in order to implement either of those features, you must first unlock the port.
locked; in order to implement either of those features, you must first unlock the port.