Resetting learned addresses, Tips for successfully implementing eavesdropper pr – Cabletron Systems EMM-E6 User Manual

Page 97


Configuring Security

7-11

Security

Resetting Learned Addresses

You can clear all learned and secured addresses out of a port’s address table, and
allow that port to begin learning (and securing) new addresses, as follows:

1. In the Repeater Security window, click mouse button 1 on the repeater
   interface for which you would like to reset learned addresses.

2. Click mouse button 1 on , , or to open the appropriate window.

3. In the Module or Port window, click to select the module(s) or port(s) for which
   you wish to reset learned addresses.

4. Click to select the Reset Learned Addresses option. A confirmation window
   will appear; click on to reset addresses, or on to cancel.

The port’s address table will be cleared of all Learned and Secure addresses,
and the learning process will restart.

Tips for Successfully Implementing Eavesdropper Protection

There are a couple of things to note about eavesdropper protection, or scrambling,
that must be taken into consideration as you are planning security for your
network.

Security can only be implemented by locking a port, and can only be
completely disabled by unlocking the port. You cannot enable intruder
protection on a LANVIEW SECURE MIM without also enabling eavesdropper
protection. You can, however, effectively enable eavesdropper protection
alone by selecting the noDisable option for the violation response; selecting
noDisable basically eliminates intruder protection, as all packets will be
allowed to pass regardless of their source address. (Note, however, that the
port will issue a trap after the first violation.) You can also enable eavesdropper
protection without intruder protection by selecting the Continuous lock mode;
see Enabling Security and Traps, page 7-12, for details.

When locking has been enabled for a channel, packets travelling across the
inter-RIC bus on the FNB backplane between MIMs operating on that channel
will be scrambled to all but the destination port, and security operates as you
would expect it to. However, packets are always transmitted clean to the
EMM-E6’s bridge ports, so any packets transmitted to another channel will be

NOTE

You cannot reset learned addresses for any port which is already locked or in an
unsecurable state (either natural or forced). If you select a group of ports which includes
one in a locked or unsecurable state, or if you select a module or a repeater which has a
port in one of these states, the Reset Learned Addresses option will be unavailable.
