Source Address Locking on Older Devices – Cabletron Systems EMM-E6 User Manual


Source Addressing

Locking Source Addresses

In addition to activating the security measures as configured via the Security
application, locking source addresses has the following effects:

On devices running older versions of firmware, unlinked ports will be
disabled immediately after locking has been enabled; these ports can be re-
enabled using their port menus, but they will immediately be disabled again
if a device is connected and begins transmitting (since the port’s source
address table was locked in an empty state). On devices with newer firmware,
unlinked ports are not automatically disabled in response to port locking, but
they, too, will be immediately disabled if a device is connected and attempts to
transmit packets.

Although the Source Aging Interval does not apply to station ports when
Source Address Locking is enabled, the snapshot of the SAT provided by the
Source Address List window may show a learned source address aging out if
that address remains inactive, and the appropriate trap will be generated.

Once Source Address Locking has been enabled, each port’s topology status
(station or trunk) remains fixed and will not change while locking remains
enabled, regardless of any changes in the number of source addresses
detected.

If Source Address Locking has been enabled, and one or more ports have been
shut down because a new source address attempted access, those ports will
remain disabled even after the EMM-E6 has been reset, and must be re-enabled
manually.

Source Address Locking on Older Devices

If your EMM-E6 is running a firmware version earlier than 2.00.16, Source
Address Locking is implemented somewhat differently:

Station ports are defined as those detecting zero or one source address; trunk
ports as those detecting two or more.

If a locked station port experiences a violation, the port will be automatically
disabled and no traffic will be allowed through — not even traffic from the
known source address.

Trunk ports are never locked.

Unlinked ports are immediately disabled.

The Source Aging Interval does not apply to locked station ports.

NOTE

Remember, you must have SuperUser (SU) access to the device in order to lock or unlock
ports.
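
The older-firmware rules above, modeled as a small Python state check; this is an added example, not code from the manual or from Cabletron. The Port class, the function names, the port names and the MAC addresses are constructed for illustration, and it assumes a port's station/trunk status is taken from its source address count at the moment locking is enabled.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    linked: bool
    sat: set = field(default_factory=set)  # addresses learned before locking
    enabled: bool = True
    kind: str = ""        # "station" or "trunk", decided when locking is enabled
    locked: bool = False

def enable_locking(ports):
    """Apply the pre-2.00.16 effects of enabling Source Address Locking."""
    for p in ports:
        p.kind = "station" if len(p.sat) <= 1 else "trunk"
        p.locked = p.kind == "station"   # trunk ports are never locked
        if not p.linked:
            p.enabled = False            # unlinked ports are disabled immediately
    return ports

def receive(port, src):
    """Return True if a frame from src passes, False if it is dropped."""
    if not port.enabled:
        return False
    if port.locked and src not in port.sat:
        port.enabled = False             # violation shuts the whole port down
        return False
    return True

def sample_ports():
    # Constructed sample data: locally administered MACs, made-up port names.
    return enable_locking([
        Port("station-1", True, {"02:00:00:00:00:01"}),
        Port("trunk-1", True, {"02:00:00:00:00:02", "02:00:00:00:00:03"}),
        Port("unlinked-1", False),
    ])

if __name__ == "__main__":
    station, trunk, unlinked = sample_ports()
    print(receive(station, "02:00:00:00:00:01"))   # known address
    print(receive(station, "02:00:00:00:00:99"))   # new address: violation
    print(receive(station, "02:00:00:00:00:01"))   # known address, port now down
    print(receive(trunk, "02:00:00:00:00:99"))     # trunk is not locked
    unlinked.enabled = True                        # manual re-enable via port menu
    print(receive(unlinked, "02:00:00:00:00:04"), unlinked.enabled)
```

Running the model against a pre-lock snapshot of each port's link state and learned addresses shows which ports will go down the moment locking is enabled and which will drop on the first frame from a new device.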
