The Newest LANVIEWsecure Features – Cabletron Systems EMM-E6 User Manual

Security

What is LANVIEWsecure?

Configurable violation response

Before LANVIEWsecure, any locked port which experienced a violation was shut
down automatically; now, you can choose to allow ports to remain enabled even
after an unsecured address has attempted to access a locked port. If you choose
not to disable a port which has experienced a violation, however, the port’s only
response to an intruder will be to issue a trap after the first violation; all packets,
regardless of source address, will be allowed to pass. Ports in this state still have
active eavesdropper protection (see definition below), and all packets addressed
to any destination other than the secured address(es) will be scrambled.

Full or partial security against eavesdropping

In addition to the enhanced intruder protection features described above,
LANVIEWsecure provides protection against eavesdroppers by scrambling the
data portion of each packet to all ports except the port on which the destination
address has been secured — in other words, the only port that will receive the
packet in an unscrambled (readable) format is the port to which the packet was
addressed. Two levels of eavesdropper protection are provided: full security
scrambles all packets not specifically destined to the secured port, including
broadcasts and multicasts; partial security scrambles only unicast packets.

The Newest LANVIEWsecure Features

Additional LANVIEWsecure features available on the newest firmware versions
(3.11.xx) include:

Continuous learning mode

When configuring security on the newest LANVIEWsecure devices, you can now
choose between two levels of lock status: Full lock status, which behaves as
locking has always done, and Continuous lock status, which essentially disables
intruder protection by allowing the port to continue to learn new source
addresses even when in a locked state. In this state, eavesdropper protection is
still active, and will adjust so that packets addressed to the current learned
address for a secured port are not scrambled.
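
The three behaviours described above (configurable violation response, full or partial eavesdropper protection, and Continuous lock status) can be modelled as a small per-port state machine. This is an added illustration in Python, not Cabletron firmware or code from the manual; the class, field and result names are hypothetical, the addresses are constructed, and it assumes that a disabled port drops traffic and that continuous learning replaces the secured address with the newest source.

```python
from dataclasses import dataclass

def is_group(mac: str) -> bool:
    """Broadcast/multicast: the I/G bit (LSB of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1

@dataclass
class LockedPort:                      # hypothetical model of one locked port
    secured: set                       # source address(es) secured on the port
    lock: str = "full"                 # "full" or "continuous" lock status
    disable_on_violation: bool = True  # the pre-existing, automatic behaviour
    eavesdrop: str = "full"            # "full" or "partial" security
    enabled: bool = True
    trap_sent: bool = False

    def ingress(self, src: str) -> str:
        """Intruder protection: a frame from `src` arrives on this port."""
        if not self.enabled:
            return "dropped"           # assumption: a shut-down port passes nothing
        if src in self.secured:
            return "pass"
        if self.lock == "continuous":
            self.secured = {src}       # assumption: newest source replaces the old one
            return "pass+learned"      # port keeps learning, so no violation
        if self.disable_on_violation:
            self.enabled = False
            return "port_disabled"
        if not self.trap_sent:
            self.trap_sent = True
            return "pass+trap"         # trap is issued after the first violation only
        return "pass"                  # later intruder frames pass silently

    def egress(self, dst: str) -> str:
        """Eavesdropper protection: how a frame for `dst` leaves this port."""
        if is_group(dst):
            return "scrambled" if self.eavesdrop == "full" else "clear"
        return "clear" if dst in self.secured else "scrambled"

if __name__ == "__main__":
    # Constructed addresses: A is secured on the port, X is an unsecured source.
    A, X = "02:00:00:00:00:0a", "02:00:00:00:00:99"
    port = LockedPort({A}, disable_on_violation=False)
    print(port.ingress(X), port.ingress(X), port.egress(X))
```

The model makes the trade-off visible: with the port left enabled, the second frame from the unsecured source passes with no further trap, and the only remaining control is that frames not addressed to the secured address leave the port scrambled.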

TIP

If your EMM-E6 is running firmware more recent than 2.00.16 and previous to 3.11.xx,
you will not have the ability to force a port to unsecurable status; however, for firmware
versions in that range, ports which have been forced to trunk status will not be locked, so
you can use the force trunk feature — available from the Hub View port menus — to
render a port unsecurable if you wish.

NOTE

Locking ports from a Source Address window automatically provides Full lock status;
however, locking ports from the repeater- or module-level Source Address window does
not override any existing Continuous lock status settings.
