Visara CNA-8000 Planning Guide User Manual

Page 30

Advertising
background image

Chapter 3. Integrated Data Link Switching

3-4

707156-002

Multiple Circuits from the Same DSLw Node

Nodes connecting through the CNA-8000 each have a DLPID, which corresponds to a
MAC address + SAP. The CNA-8000 also uses a local DLPID to receive this connection.
In general, if the downstream node requires more than one circuit between itself and the
same VTAM XCA destination, a different SAP assignment on either the CNA-8000 or
the downstream node must be used to allow the two circuits to be distinguished. Because
the MAC address and SAP of the remote node are being forwarded up to VTAM it is
necessary for each of the two circuits to use a different SAP on the remote node. This
will be true whether the DLSw nodes are attaching through dynamic or predefined
connections.

To be Promiscuous or Not

DLSw on the CNA-8000 can be set up two different ways. One method requires that each
downstream SNA destination be explicitly defined using static gateway definitions.
Using this method only the SNA downstream destinations that are predefined to the
CNA-8000 will be allowed to connect. The second method allows any SNA downstream
destination to attempt to connect. Downstream IP DLSw platforms are defined, but the
SNA endpoints on the other side of the DLSw platforms are not. This is referred to as
Dynamic or Promiscuous Mode. It should be noted that even when using the
Promiscuous Mode option only downstream destinations that are properly configured in
VTAM (proper IDNUM and IDBLK values) will ultimately be allowed to get sessions
with the host.

The tradeoff between which method is to be used is one of flexibility and ease to make
changes to the network versus security. By requiring all downstream destinations to be
explicitly configured, the CNA-8000 acts as a sentinel to allow access to only authorized
destinations. Explicit configurations require making changes to the CNA-8000
configuration during some maintenance period, as the new configuration will require a
restart of the server software to put it into affect. When set up for Promiscuous Mode,
new destinations can be added dynamically, by configuring the downstream destination
device to point at the CNA-8000, and by adding a VTAM definition for that destination
(which can be added dynamically in VTAM).

Advertising
Popular Brands
Popular manuals