Cabletron Systems LANVIEWsecure User manual
- Category
- Networking
- Type
- User manual
LANVIEW
SECURE
USER’S GUIDE
i
NOTICE
Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior
notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made.
The hardware, firmware, or software described in this manual is subject to change without notice.
IN NO EVENT SHALL CABLETRON SYSTEMS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR
CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR
RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IF CABLETRON SYSTEMS HAS BEEN
ADVISED OF, KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITY OF SUCH DAMAGES.
©
Copyright October 1996 by:
Cabletron Systems, Inc.
PO. Box 5005
Rochester, NH 03866-5005
All Rights Reserved
Printed in the United States of America
Order Number: 9031250-01 October 1996
SPECTRUM
,
LANVIEW
,
LANVIEW
SECURE
,
and
Multi Media Access Center
are registered trademarks of Cabletron Systems, Inc.,
and
EMME
,
EMM-E6
,
Hubstack
,
MicroMMAC
,
MMAC-Plus
,
and
SEHI
are trademarks of Cabletron Systems, Inc.
All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies.
Printed on Recycled Paper
ii
FCC NOTICE
This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause
harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired
operation.
NOTE:
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC
rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This equipment uses, generates, and can radiate radio frequency energy and if not installed in accordance
with the operator’s manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area
is likely to cause interference in which case the user will be required to correct the interference at his own expense.
WARNING:
Changes or modifications made to this device which are not expressly approved by the party responsible for compliance
could void the user’s authority to operate the equipment.
DOC NOTICE
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio
Interference Regulations of the Canadian Department of Communications.
Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la
class A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le ministère des Communications du Canada.
VCCI NOTICE
This equipment is in the 1st Class Category (information equipment to be used in commercial and/or industrial areas) and conforms to
the standards set by the Voluntary Control Council for Interference by Information Technology Equipment (VCCI) aimed at preventing
radio interference in commercial and/or industrial areas.
Consequently, when used in a residential area or in an adjacent area thereto, radio interference may be caused to radios and TV
receivers, etc.
Read the instructions for correct handling.
iii
CABLETRO
N SYST
EMS, INC. PROGRAM LICENSE AGREEMENT
IMPORTANT:
Before utilizing this product, carefully read this License Agreement.
This document is an agreement between you, the end user, and Cabletron Systems, Inc. (“Cabletron”) that sets forth your rights and
obligations with respect to the Cabletron software program (the “Program”) contained in this package. The Program may be contained
in firmware, chips or other media. BY UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY
THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND
DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, PROMPTLY RETURN THE
UNUSED PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.
CAB
LETRON SO
FTWARE PROGRAM LICENSE
1. LICENSE
. You have the right to use only the one (1) copy of the Program provided in this package subject to the terms and
conditions of this License Agreement.
You may not copy, reproduce or transmit any part of the Program except as permitted by the Copyright Act of the United States or
as authorized in writing by Cabletron.
2. O
THER RESTRICTIONS. You may not reverse engineer, decompile, or disassemble the Program.
3. APPLICABLE LA
W. This License Agreement shall be interpreted and governed under the laws and in the state and federal courts
of New Hampshire. You accept the personal jurisdiction and venue of the New Hampshire courts.
EXCLUSION OF WA
RRANTY AND DI
SCLAIMER OF LIABILITY
1. EXCLUSION OF WARRANTY. Except as may be specifically provided by Cabletron in writing, Cabletron makes no warranty,
expressed or implied, concerning the Program (including its documentation and media).
CABLETRON DISCLAIMS ALL WARRANTIES, OTHER THAN THOSE SUPPLIED TO YOU BY CABLETRON IN
WRITING, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE PROGRAM, THE
ACCOMPANYING WRITTEN MATERIALS, AND ANY ACCOMPANYING HARDWARE.
2. NO LIABILITY FOR CONSEQ
UENTIAL DAMAGES. IN NO EVENT SHALL CABLETRON OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF
BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL,
CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE
THIS CABLETRON PRODUCT, EVEN IF CABLETRON HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. BECAUSE SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR ON THE DURATION OR LIMITATION OF IMPLIED
WARRANTIES, IN SOME INSTANCES THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU.
UNITED STATES GOVE
RNMENT
RESTRICTED RIGHTS
The enclosed product (a) was developed solely at private expense; (b) contains “restricted computer software” submitted with restricted
rights in accordance with Section 52227-19 (a) through (d) of the Commercial Computer Software - Restricted Rights Clause and its
successors, and (c) in all respects is proprietary data belonging to Cabletron and/or its suppliers.
For Department of Defense units, the product is licensed with “Restricted Rights” as defined in the DoD Supplement to the Federal
Acquisition Regulations, Section 52.227-7013 (c) (1) (ii) and its successors, and use, duplication, disclosure by the Government is
subject to restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at
252.227-7013. Cabletron Systems, Inc., 35 Industrial Way, Rochester, New Hampshire 03867-0505.
iv
v
CONTENTS
CHAPTER 1
LANVIEW
SECURE
1.1 Introduction............................................................................................................................................1-1
1.2 Technology ............................................................................................................................................1-1
1.2.1 Types of Protection...................................................................................................................1-2
1.2.2 Features of First Generation Security.......................................................................................1-2
1.2.3 New Features of Second Generation Security..........................................................................1-3
1.3 Configuring
LANVIEW
S
ECURE
................................................................................................................1-4
1.4 Tips for Implementing
LANVIEW
SECURE
Features.................................................................................1-5
1.5 Summary ...............................................................................................................................................1-5
1.6 Getting Help...........................................................................................................................................1-6
CHAPTER 2 OIDs TO ENABLE/DISABLE SECURITY
2.1 Introduction............................................................................................................................................2-1
2.2 OIDs.......................................................................................................................................................2-1
CHAPTER 3 SETTING OIDs
3.1 Introduction............................................................................................................................................3-1
3.2 Guidelines..............................................................................................................................................3-1
3.3 Navigating the SNMP Tools Screen ......................................................................................................3-1
3.4 The SNMP Tools Screen.......................................................................................................................3-2
3.5 The GET Command...............................................................................................................................3-3
3.6 The SET Command...............................................................................................................................3-4
3.7 The CYCLE Command..........................................................................................................................3-6
CHAPTER 4 MIB NAVIGATOR
4.1 Introduction............................................................................................................................................4-1
4.2 Managing Device MIBs..........................................................................................................................4-2
4.3 MIB Navigator Command Set Overview................................................................................................4-2
4.3.1 Conventions for MIB Navigator Commands..............................................................................4-3
4.3.2 Navigation Commands..............................................................................................................4-3
CHAPTER 5 COMMUNITY NAMES
5.1 Introduction............................................................................................................................................5-1
5.2 Viewing MIB Components and Corresponding Community Names ......................................................5-2
5.3 More Device Community Name Examples............................................................................................5-3
vi
1-1
CHAPTER 1
LANVIEW
SECURE
1.1 Introduction
LANVIEW
SECURE
is Cabletron Systems strategy for hub-based security of Ethernet networks. Cabletron
Systems technology provides security solutions across the entire Multi Media Access Center product line
including the HubSTACK, MicroMMAC, and MMAC-Plus. Cost effective implementations in 10BASE-T
twisted pair, 10BASE2 coaxial, and 10BASE-FL fiber optic media provide the network architect freedom of
choice when incorporating physical layer security into the network.
LANVIEW
SECURE
is based on the concept of a secure repeater which protects data from being transmitted to, or
received from, unauthorized users. The hub utilizes the Media Access Control (MAC) Address of attached
users to control the flow of data both outbound to the end user, and inbound from the end user.
1.2 Technology
The backbone of
LANVIEW
SECURE
is the Repeater Interface Controller II (RIC II) Chip. It provides hardware
assistance to the
LANVIEW
SECURE
Hub Security Architecture. With the security feature enabled, the RIC II
immediately begins scrambling the data portion of the Ethernet packets repeated out to all ports, except the
port containing the actual destination MAC Address of the attached device. When a source MAC Address that
is not on the secure list for a port is detected, the management module sends a trap to the Simple Network
Management Protocol (SNMP) Network Management Station alerting the operator to the condition and/or
automatically disables the port, if so configured.
The RIC II has the intelligence to learn up to two (2) MAC Addresses per port, on the fly, allowing automatic
configuration of the secure network. Supporting two MAC Addresses per port provides support of networks
that utilize the DECnet protocol. DECnet environments support the factory assigned MAC Addresses on the
Ethernet adapter, as well as a locally administered MAC Address. The RIC II also supports a floating cache of
32 MAC Addresses that can be assigned to any port. The cache is configurable from the SNMP agent of the
device managing the chassis or hub to allow network administrators the ability to add or delete authorized user
network addresses. The total number of addresses that can be saved is platform specific. The technology can
also be applied to scramble broadcast and multicast address packets. For any limitations, refer to the Release
Notes of the
LANVIEW
SECURE
products you are using.
Security is activated by enabling Port Locking. You can lock and unlock ports at the repeater, board, and port
levels.
1-2
1.2.1 Types of Protection
Intruder Prevention
Intruder Prevention prevents any unauthorized source addresses from communicating to the network via a
secure port. Intruder Prevention is based on the expected MAC address of a port. In order for
LANVIEW
SECURE
to be effective, specific parameters must be set and features enabled. During Setup, the
manager configures the Trap Screen and enables security. When an unrecognized MAC address is discovered
on a port, a trap is generated, sent to the Network Management station, and recorded on the Trap Screen. With
Locking enabled, the default configuration of Intruder Prevention is to disable the port and send trap
information to the Trap Screen.
Eavesdrop Protection
Eavesdrop Protection delivers a scrambled (a random pattern of ones and zeros) data portion of the Ethernet
packet to all ports except the port specified in the destination MAC address field of the original packet. The
result is that all ports other than the destination port receive meaningless information.
1.2.2 Features of First Generation Security
Repeater Security
You may perform the following security function at the repeater level: Lock Ports. This affects all ports on all
boards on the specified channel. The default condition is disabled.
Board Security
You may perform the following security function at the board level: Lock Ports. This affects all ports on the
specified board(s). The default condition is disabled.
Port Security
You may perform the following security functions at the port level: Disable Ports on intruder, Lock Port, and
Full Security (which enables the packet scrambling feature on broadcasts and multicast). This affects only the
specified port on a specified board.
Disable Ports (Intruder Prevention)
The Disable Ports feature disables the port when an unauthorized source address is detected. Disabling this
feature causes the port to remain operational after a violation. Not using the Disable Ports feature effectively
removes intruder protection from the selected port.
Send Trap
The Send Trap feature issues a trap after the first violation of the port; disable this feature if you do not wish to
receive these traps. The device using
LANVIEW
SECURE
must have the trap table properly configured for this
selection to function. (This is essentially the same as the Send Trap on Intruder feature for the board and
channel levels — only the Object Identifier (OID) strings change).
Lock Port (Partial Security)
Lock Port feature activates security on the port. Enabling Lock Port automatically secures the source addresses
in the secure address table. The addresses that are contained in the secure address list are considered the valid
addresses for that port. If an address is received on a locked port and that address is not on the secure list, the
port will be disabled.
1-3
Force Trunk Port
The user may force the port to be a trunk port before locking the port. When this object is set to “Force” it
causes the port to be placed into a Trunk topological state whether the network traffic warrants such a state or
not. When this object is set to “NoForce” it allows the port to assume the topological state it naturally assumes
based on the network activity on that port. When read, this object reports the current setting. When the port is
in the Trunk state, either forced or natural, this does not send a new source address trap or an aged source
address trap.
NOTE
: Prior to having secure state, the topological state of a port (station or trunk) was used for purposes of
determining whether a port was capable of being secure. The topological state of a port no longer has any
bearing on security. In fact, the only thing that the topological state affects, is whether traps are sent out for
new and aged addresses. If the port is a trunk port, traps are not sent out at all. Topological state is determined
by the traffic or it can be forced into a trunk state by selecting the Force Trunk OID. If a port sees more than
three addresses for an aging time, or exactly three addresses for consecutive aging times, then it becomes a
trunk port. This applies to both
LANVIEW
SECURE
products and regular, non-secure products.
Adding/Deleting Secure Addresses
Through the use of the appropriate OIDs, addresses can be added to or deleted from the secure address list.
When adding addresses to a port that has never been locked, it is important to note that any learned addresses
are deleted and replaced with the manually entered addresses. If the port is locked or was once locked, then all
addresses remain in the secure list and the new addresses are added to the list.
1.2.3 New Features of Second Generation Security
Full Security (Eavesdrop Protection)
When the Full Security feature is enabled, the data portions of data packets not intended for this destination,
including broadcast and multicast, are scrambled. When the Full Security feature is disabled, broadcast and
multicast packets are transmitted unchanged, regardless of what is contained in the secure address list. The
default condition is disabled.
Continuous Learn Mode
This allows a port to continuously learn source addresses. Network administrators now have the versatility to
move stations from port to port without manually adding and deleting source addresses. This benefits
customers who are constantly conducting adds, moves, and changes to their physical network environment. To
configure a port, port group, or network for Continuous Learn Mode, use the Learn Mode object. Once
configured, the port, port group, or network has the ability to learn the source address of the last packet to be
transmitted on the port. Scrambling, however, is still done on any packets not destined for this port (Eavesdrop
Protection).
This object can be set whether the port is locked or unlocked. Upon setting to Continuous Learn, all addresses
on the port are deleted, and then the next address seen is put in the security list. If the port is locked, it secures
on the latest address, and performs destination security on that one address (scramble packets not destined for
the port). The drawback to this mode is that there is no intruder protection (source address security) on the port.
Once an intruder sends a packet, it becomes the valid address on the port.
The Learn mode object can be set regardless of whether the port is in the Secure state or Non-Secure state.
However, the port only learns addresses when it is in the Secure state.
A port that is set to Continuous Learn is put into a state of Learn. Ports in Continuous Learn Mode do not
restore any addresses when “Hot-swapped”, reset, etc. In Continuous Learn Mode, the secure addresses are not
stored in NVRAM; however, the configuration of being in Continuous Learn Mode is stored.
1-4
Learn State
This provides the ability to start and stop learning at the network, port group, and port level. The Object
Identifier (OID) defaults to “Learn” state. This OID automatically changes to “Nolearn” state once it has either
learned two addresses or a set has been done by management. At this point, the user can set the OID back to
“Learn” state, which causes all of the addresses on the port to be deleted and the port to begin learning again.
Similarly, if the port is in the “Learn” state, the user can set it to “Nolearn”, which prevents any further
addresses from being learned on the port, port group, or network. Either action can only be taken if the port is
unlocked. The network, port group, and port level then need to have security enabled to benefit from the
Intruder Prevention and Eavesdrop Protection features.
Secure State (read only)
The secure state is a read only object. The secure state of a port is defined by the traffic on that port. A port that
is non-secure is a port that cannot support either Intruder Prevention Security or Eavesdrop Prevention. In
other words, it cannot be set to a locked state at any time. For
LANVIEW
SECURE
products, a port is non-secure
if there are more than 35 addresses “seen” on a port for an aging period; or if there are exactly 35 addresses
“seen” on that port for two consecutive aging periods. For all other products, a port is non-secure if there are
more than 3 addresses “seen” on the port for the aging period; or if there are exactly 3 addresses “seen” on the
port for two consecutive aging periods. A Non-Secure port cannot be locked. And, similarly, a locked port
cannot be Forced Non-Secure. An attempt to do either will return MIB_BAD_VALUE.
Force Secure/NonSecure
To put a port in a Non-Secure configuration, set the port to Forced Non-Secure. A port that is Forced
Non-Secure stays in this condition until the force is removed, at which point it goes into a natural secure state,
based on the traffic once the next aging time is reached. This is useful for ports that have a network connection
for which you do not want security implemented.
1.3 Configuring
LANVIEW
SECURE
To configure
LANVIEW
SECURE
, enter, through your network management system, the desired OID from the
List of Secure OIDs.
Chapter 2 provides a list of
LANVIEW
SECURE
OIDs.
Chapter 3 provides a step by step procedure for setting the
LANVIEW
SECURE
OIDs through the management
platform of SNMP tools using the SEHI as an example. To set OID strings, you can use the SNMP utility
described in the SEHI User’s Guide or any MIB walking tool. Refer to specific MIB walking tool
documentation for instructions on how to set MIB OID strings.
Chapter 4
explains how to use the MIB Navigator utility commands of get, set, and community names for
LANVIEW
SECURE
.
Chapter 5 provides information about community names. The read-write community name for the Repeater
MIB component is necessary to perform SNMP set commands to enable/disable
LANVIEW
SECURE
features.
1-5
1.4 Tips for Implementing
LANVIEW
SECURE
Features
Security can only be implemented by locking a port, and can only be completely disabled by unlocking a port.
You cannot enable Intruder Protection on a
LANVIEW
SECURE
hub without also enabling Eavesdrop Protection.
You can, however, effectively enable Eavesdrop Protection alone by de-selecting the Disable Ports option for
the violation response; choosing not to disable ports basically eliminates intruder protection, sends a trap, and
allows all packets to pass regardless of their source address. Another approach to enable Eavesdrop Protection
alone is to use Continuous Learn.
Security should not be enabled on any port that is connected to an external bridge. The bridge discards all
packets it receives as error packets since Cyclic Redundancy Checks (CRCs) are not recalculated after a packet
is scrambled.
Security should not be enabled on any port that is supporting a trunk connection with 3 or more addresses,
unless you are sure that no more than 34 consecutive addresses will attempt to use the port, and you have
secured all necessary addresses. A simple way of ensuring this is to put a port to Forced Non-Secure.
If you choose to set the board or repeater security, be advised that a board setting overrides all port settings for
the specified board, while a repeater setting overrides all board(s) and their respective port settings for the
specified channel. An integer of 3 for some OIDs indicates a mixed state.
Query chCompName and chCompSUCommStr to identify the community name for the Repeater MIB
component(s). Use the community name obtained to enable/disable
LANVIEW
SECURE
features.
Secure the device console port as well as device network ports. In the Community Name Table, change the
default community name for Read-Only, Read-Write, and Superuser access privileges.
Cabletron Systems advises that all default community names be changed for each MIB component. This can be
done simultaneously through Configuration Manager of SPECTRUM, Set Community String Utility of
Remote LANVIEW/Windows, or Set Community Names Utility of SPECTRUM Element Manager/Windows.
1.5 Summary
Many methods of network security exist today to ensure the integrity of what is quickly becoming an
organization’s most valuable asset — information. While no one method alone provides a complete solution
from all potential unauthorized access, when used appropriately and in conjunction with one another, a
solution set is often found. Cabletron Systems
LANVIEW
SECURE
is designed to discourage common security
violations while monitoring and controlling normal moves, adds, and changes in Local Area Network (LAN)
environments.
1-6
1.6 Getting Help
If you need additional support related to this device, or if you have any questions, comments, or suggestions
concerning this manual, contact Cabletron Systems Technical Support:
Phone (603) 332-9400
Monday – Friday; 8
A
.
M
. – 8
P
.
M
. Eastern Time
CompuServe GO CTRON from any ! prompt
Internet mail [email protected]
FTP ctron.com (134.141.197.25)
Login
anonymous
Password
your email address
BBS (603) 335-3358
Modem setting 8N1: 8 data bits, 1 stop bit, No parity
For additional information about Cabletron Systems products, visit our
World Wide Web site: http://www.cabletron.com/
2-1
CHAPTER 2
OIDs TO ENABLE/DISABLE SECURITY
2.1 Introduction
This chapter provides a list of the OIDs for
LANVIEW
SECURE
.
2.2 OIDs
The read-write community name for the Repeater MIB component is necessary to perform SNMP set
commands to enable/disable
LANVIEW
SECURE
features. Refer to Chapter 4 for more information on
community names. The examples shown below use the following definitions: b=board, p=port.
rptrSaTrapSetSrcaddr
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrSaTrapSet 1}
Enables and disables source address traps for this network.
1.3.6.1.4.1.52.4.1.1.1.4.1.6.2.1.0
Integer
1 disable
2 enable
3 other
read-write
rptrSecurityLockState
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrSaSecurity 1}
Setting this object to Lock will activate the network port security lock. It is invalid to
set a value of portMisMatch(3). This value reflects a status value that the lock
status between the port group, port and repeater levels do not agree.
1.3.6.1.4.1.52.4.1.1.1.4.1.7.1.0
Integer
1 unlock
2 lock
3 portMisMatch
read-write
2-2
rptrSecuritySecureState
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrSaSecurity 2}
The status of source address security of the network. Ports on the network that
are secure(1), can be locked in order to enable security. NonSecure(2) ports
cannot be locked. Setting a value of portMisMatch(3) is invalid.
1.3.6.1.4.1.52.4.1.1.1.4.1.7.2.0
Integer
1 secure
2 nonSecure
3 portMisMatch
read-only
rptrSecurityLearnState
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrSaSecurity 3}
The learn state of the network. This object will only be applied to ports that are
locked. If set to learn(1), all addresses are deleted on the ports and learning
begins once again. If it is set to noLearn(2), learning stops on the port. Setting a
value of portMisMatch(3) is invalid.
1.3.6.1.4.1.52.4.1.1.1.4.1.7.3.0
Integer
1 learn
2 noLearn
3 portMisMatch
read-write
rptrSecurityLearnMode
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrSaSecurity 4}
Get/Set the learn mode of the network. If set to oneTime learn mode oneTime(1),
each port is capable of learning two addresses and securing on both destination
and source addresses once they are locked. If set to continuous learn
continuous(2), all addresses are initially deleted and each port continuously
replaces the existing secure source address with the latest source address it
sees. Setting a value of portMisMatch(3) is invalid.
1.3.6.1.4.1.52.4.1.1.1.4.1.7.4.0
Integer
1 oneTime
2 continuous
3 portMisMatch
read-write
2-3
rptrPortGrpSaTrapSetSrcaddr
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrPortGrpSaTrapEntry 2}
Enables and disables source address traps for the specified port group.
1.3.6.1.4.1.52.4.1.1.1.4.2.5.2.1.1.2.0
Integer
1 disable
2 enable
3 other
read-write
rptrPortGrpSrcAddrLockGrpId
Description:
Object Identifier:
Data Type:
Access Policy:
{rptrPortGrpSrcAddrLockEntry 1}
Defines particular port group for this source address security lock information.
1.3.6.1.4.1.52.4.1.1.1.4.2.6.1.1.b
Integer
read-only
rptrPortGrpSrcAddrLock
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrPortGrpSrcAddrLockEntry 2}
Allows setting of the security lock status for this port group. It is invalid to set a
value of portMisMatch(3). This value is used for status to identify that the lock
status for the ports within the port group do not match the lock status for the port
group.
1.3.6.1.4.1.52.4.1.1.1.4.2.6.1.2.b
Integer
1 unlock
2 lock
3 portMisMatch
read-write
2-4
rptrPortGrpSASecurity-
SecureState
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrPortGrpSrcAddrLockEntry 3}
The state of the source addressing security for this port group. Ports on the port
group that are secure(1), can be locked in order to enable security. When a value
of nonsecure(2) is returned ports cannot be locked. Setting a value of
portMisMatch(3) is invalid. A value of portMisMatch(3) reflects that not all ports
are the same value.
1.3.6.1.4.1.52.4.1.1.1.4.2.6.1.3.b
Integer
1 secure
2 nonSecure
3 portMisMatch
read-only
rptrPortGrpSASecurityLearn-
State
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrPortGrpSrcAddrLockEntry 4}
The learn state of source addressing security for the port group. This Object will
only applied to ports that are unlocked. If set to learn(1), all addresses are deleted
on the port and learning begins once again. If it is set to nolearn(2), learning stops
on the port. Setting a value of portMisMatch(3) is invalid.
1.3.6.1.4.1.52.4.1.1.1.4.2.6.1.4.b
Integer
1 learn
2 noLearn
3 portMisMatch
read-write
rptrPortGrpSASecurityLearn-
Mode
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrPortGrpSrcAddrLockEntry 5}
The learn mode of source addressing security port group. If set to oneTime(1),
each port is capable of learning two addresses and securing on both destination
and source addresses once they are locked. If set to continuous(2), all addresses
are initially deleted and each port continuously replaces the existing secure
source address with the latest source address it sees. Setting a value of
portMisMatch(3) is invalid.
1.3.6.1.4.1.52.4.1.1.1.4.2.6.1.5.b
Integer
1 oneTime
2 continuous
3 portMisMatch
read-write
2-5
rptrPortSrcAddrTopoState
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrPortSrcAddrEntry 3}
Returns the topological state of the port. NOTE: Not related to security.
1.3.6.1.4.1.52.4.1.1.1.4.3.5.1.3.b.p
Integer
1 station
2 trunk
read-only
rptrPortSrcAddrForceTrunk
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrPortSrcAddrEntry 4}
When this object is set to Force it causes the port to be placed into a Trunk
topological state whether the network traffic would warrant such a state or not.
When this object is set to noForce it allows the port to assume the topological
state it would naturally assume based on the network activity across it. When
read, this object reports the current setting. NOTE: Not related to security.
1.3.6.1.4.1.52.4.1.1.1.4.3.5.1.4.b.p
Integer
1 noForce
2 force
read-write
rptrPortSaTrapSetSrcaddr
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrPortSaTrapEntry 3}
Enables and disables source address traps for this port.
1.3.6.1.4.1.52.4.1.1.1.4.3.8.2.1.1.3
Integer
1 disable
2 enable
read-write
rptrPortSecurityPortGrpId
Description:
Object Identifier:
Data Type:
Access Policy:
{rptrPortSecurityEntry 1}
Port Group ID for this source address lock entry.
1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.1.b.p
Integer
read-only
2-6
rptrPortSecurityPortId
Description:
Object Identifier:
Data Type:
Access Policy:
{rptrPortSecurityEntry 2}
The port ID for this source address lock entry.
1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.2.b.p
Integer
read-only
rptrPortSecurityLockStatus
Description:
Object Identifier:
Data Type:
Values:
Access Policy:
{rptrPortSecurityEntry 3}
Defines lock status for this particular port entry.
1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.3.b.p
Integer
1 unlock
2 lock
read-write
rptrPortSecurityLockAddAd-
dress
Description:
Object Identifier:
Data Type:
Access Policy:
{rptrPortSecurityEntry 4}
Setting a value to this object will cause a new entry to be added to the
rptrPortSecurityListTable. When read, this object will display an octet string of size
6 with each octet containing a 0.
1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.4.b.p
Octet String
read-write
rptrPortSecurityLockDelAd-
dress
Description:
Object Identifier:
Data Type:
Access Policy:
{rptrPortSecurityEntry 5}
Setting a value to this object will cause corresponding entry in the
rptrPortSecurityListTable to be deleted. When read this object returns an octet
string of length 6 with each octet having the value 0.
1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.5.b.p
Octet String
read-write
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
Cabletron Systems LANVIEWsecure User manual
- Category
- Networking
- Type
- User manual
Ask a question and I''ll find the answer in the document
Finding information in a document is now easier with AI
Related papers
-
Cabletron Systems SEHI-22 Addendum
-
Cabletron Systems EMME User manual
-
Cabletron Systems EMM-E6 Ethernet User manual
-
Cabletron Systems Spectrum EMM-E6 User manual
-
Cabletron Systems TPXMIM-33 Addendum Manual
-
Cabletron Systems MICRO-CS Installation guide
-
Cabletron Systems MicroMMAC-42T Reference guide
-
Cabletron Systems MicroMMAC-42T User manual
-
Cabletron Systems TPXMIM-33 Installation guide
-
Cabletron Systems MicroMMAC-24ES Installation guide
