Cabletron Systems EMM-E6 User Manual

Enabling Security and Traps

Security

A newSourceAddress trap is generated when a station port — one receiving
packets from zero, one, or two source addresses — receives a packet from a
source address that is not currently in its source address table. The trap
includes the board number, port number, and source
address associated with the trap. Trunk ports — those receiving packets from
three or more source addresses — will not issue newSourceAddress traps.

A sourceAddressTimeout trap is issued any time a source address is aged out
of the Source Address Table due to inactivity. The trap’s interesting
information includes the board and port index, and the source address that
timed out. (See Setting the Aging Time in Chapter 6, Source Addressing, for
more information.)

All other source address traps (portTypeChanged, lockStatusChanged,
portSecurityViolation, and portViolationReset, all defined in Chapter 6, Source
Addressing) will continue to be generated as appropriate, as will the
security-specific traps:

A secureStateChange trap indicates that a port has changed from a securable
state to an unsecurable state, or vice versa; the interesting information includes
board and port index.

A learnStateChange trap indicates that a port has had its learned addresses
reset. Interesting information includes board and port index, and current learn
state. Note that SPMA always maintains ports in a learn state, and just resets
that learn state to achieve a reset of existing learned and secure addresses.

A learnModeChange trap is issued when a port is set to continuous lock
mode; interesting information includes board and port index, and current
learn mode.

When setting these parameters at the various levels, keep in mind that the most
recent setting will override the existing status: for example, if you lock one or
more ports at the port level, then unlock them at the module level, all ports on the
module will be unlocked. Similarly, if you enable traps at the module level, then
disable them at the repeater level, traps will be disabled for all ports on the
repeater.
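
The override rule above, modeled as an added example (not code from the manual or from SPMA): it replays a constructed list of lock and trap changes with most-recent-setting-wins semantics and lists the ports where a later, broader-scope change switched off a setting that had been enabled at a narrower level. The topology, the `Change` record and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed topology (board number -> port numbers); not taken from the manual.
TOPOLOGY = {1: [1, 2, 3], 2: [1, 2]}
RANK = {"port": 0, "module": 1, "repeater": 2}  # narrow -> broad

@dataclass(frozen=True)
class Change:
    scope: str                   # "port", "module" or "repeater"
    setting: str                 # "lock" or "traps"
    value: bool                  # True = locked / traps enabled
    board: Optional[int] = None  # unused at repeater scope
    port: Optional[int] = None   # used at port scope only

def ports_in_scope(ch):
    """Expand a change to every (board, port) it applies to."""
    if ch.scope == "repeater":
        return [(b, p) for b, ports in TOPOLOGY.items() for p in ports]
    if ch.scope == "module":
        return [(ch.board, p) for p in TOPOLOGY[ch.board]]
    return [(ch.board, ch.port)]

def replay(changes):
    """Apply changes in order; the most recent setting wins.

    Returns (state, weakened): state maps (board, port, setting) to
    (value, scope that set it); weakened lists ports where a later,
    broader-scope change turned off a setting that had been enabled.
    """
    state, weakened = {}, []
    for ch in changes:
        for board, port in ports_in_scope(ch):
            key = (board, port, ch.setting)
            old = state.get(key)
            if old and old[0] and not ch.value and RANK[ch.scope] > RANK[old[1]]:
                weakened.append((board, port, ch.setting, old[1], ch.scope))
            state[key] = (ch.value, ch.scope)
    return state, weakened

# Constructed change history mirroring the two cases in the text.
CHANGES = [
    Change("port", "lock", True, board=1, port=2),
    Change("module", "traps", True, board=1),
    Change("module", "lock", False, board=1),   # unlocks port 1/2 as well
    Change("repeater", "traps", False),         # disables traps everywhere
    Change("port", "lock", True, board=2, port=1),
]

if __name__ == "__main__":
    for board, port, setting, was, now in replay(CHANGES)[1]:
        print(f"board {board} port {port}: {setting} set at {was} level, cleared at {now} level")
```
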

NOTE

Enabling and disabling locking from the Source Address application (described in
Chapter 6) will implement all applicable security features as they have been configured via
the port-level Security window. Note that locking ports from the Source Address window
implements Full lock status by default; however, this will not override the status of any
ports which have already been set to Continuous lock mode.

Enabling and disabling traps from the Source Address window also has the same effect as
enabling or disabling them from the Security application. Keep in mind, however, that
SPMA does not accept the trap messages; that task is left to your network management
system. (See the appropriate network management system documentation for details
about viewing trap messages.) Note, too, that no traps will be sent by the EMM-E6 unless
its trap table has been properly configured; see the EMM-E6 hardware manual and/or the
Trap Table chapter in the SPMA Tools Guide for more information.