Security on non-lanviewsecure hubs, Security on non-lanviewsecure hubs -5, Lanview – Cabletron Systems SEHI-22/24 User Manual
Page 69: Security on non, Hubs
What is LANVIEWsecure?
6-5
Security
Forced non-secure status
With the original version of LANVIEW
SECURE
, all ports except those which had
been forced to trunk status could be locked, and would be locked automatically if
locking were enabled at the repeater or hub level. With the enhanced version of
LANVIEW
SECURE
, this has changed in two ways: first, any port which has more
than 35 addresses in its source address table (or exactly 35 addresses through two
consecutive ageing times) is automatically considered unsecurable and cannot be
locked while in this state; and second, you can force any port into this
unsecurable state (as long as it is not already locked).
Learned addresses reset
By selecting the Reset Learned Addresses option in the repeater-, board-, or port-
level Security window, you can clear all learned and secured addresses out of the
selected port(s) address table, and allow that port to begin learning (and securing)
new addresses. Note that you cannot reset learned addresses on a locked port or
on a port which is designated unsecurable.
Security on Non-
LANVIEW
SECURE
Hubs
LANVIEW
SECURE
features as described above apply in total only to hubs
designated as LANVIEW
SECURE
(as indicated by a label on the front panel and an
“S” appended to the hub name). Some of the enhanced security features,
however, will apply to all hubs installed in your SEHI-controlled hubstack,
regardless of their LANVIEW S
ECURE
status:
New definitions for station and trunk ports
All ports in your SEHI-controlled hubstack will be defined as station or trunk
ports according to the new definitions: station ports are those detecting zero, one,
or two source addresses; trunk ports are those detecting three or more.
Secure address assignment
Up to two source addresses detected on any station port are still automatically
secured, and you can still accept or replace these default addresses. However, you
cannot assign more than two secure addresses to any port (as there is no floating
cache available), and neither natural nor forced trunk ports will ever be locked
while in a trunk state.
Configurable violation response
You can still choose to allow ports to remain enabled even after an unsecured
address has attempted to access a locked port. If you choose not to disable a port
which has experienced a violation, however, the port’s only response to an
NOTE
You cannot reset learned addresses or force non-secure status on a port which is already
locked; in order to implement either of those features, you must first unlock the port.