Cabletron Systems LANVIEWsecure User Manual

Manual is about: Enterasys LANVIEWsecure Repeaters: User Guide

Summary of LANVIEWsecure

  • Page 1

    LANVIEWsecure User’s Guide.

  • Page 3

    Notice: Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made. The hardware, firmware, or software de...

  • Page 4

    FCC notice: This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Note: this...

  • Page 5

    Cabletron Systems, Inc. Program License Agreement. Important: Before utilizing this product, carefully read this license agreement. This document is an agreement between you, the end user, and Cabletron Systems, Inc. (“Cabletron”) that sets forth your rights and obligations with respect to the ...

  • Page 7

    Contents. Chapter 1 LANVIEWsecure: 1.1 Introduction, 1-1; 1.2 Technology ...

  • Page 9: Lanview

    Chapter 1: LANVIEWsecure. 1.1 Introduction. LANVIEWsecure is Cabletron Systems' strategy for hub-based security of Ethernet networks. Cabletron Systems technology provides security solutions across the entire Multi Media Access Center product line including the HubSTACK, MicroMMAC, and MMAC-Plus. ...

  • Page 10

    1.2.1 Types of protection. Intruder prevention: Intruder prevention prevents any unauthorized source addresses from communicating to the network via a secure port. Intruder prevention is based on the expected MAC address of a port. In order for LANVIEWsecure to be effective, specific parameters m...

  • Page 11

    Force trunk port: The user may force the port to be a trunk port before locking the port. When this object is set to “force” it causes the port to be placed into a trunk topological state whether the network traffic warrants such a state or not. When this object is set to “noforce” it allows the ...

  • Page 12

    Learn state: This provides the ability to start and stop learning at the network, port group, and port level. The object identifier (OID) defaults to “learn” state. This OID automatically changes to “nolearn” state once it has either learned two addresses or a set has been done by management. At ...

  • Page 13

    1.4 Tips for implementing LANVIEWsecure features. Security can only be implemented by locking a port, and can only be completely disabled by unlocking a port. You cannot enable intruder protection on a LANVIEWsecure hub without also enabling eavesdrop protection. You can, however, effectively e...

  • Page 14

    1.6 Getting help. If you need additional support related to this device, or if you have any questions, comments, or suggestions concerning this manual, contact Cabletron Systems Technical Support. Phone: (603) 332-9400, Monday – Friday, 8 a.m. – 8 p.m. Eastern Time. CompuServe: GO CTRON from an...

  • Page 15

    Chapter 2: OIDs to enable/disable security. 2.1 Introduction. This chapter provides a list of the OIDs for LANVIEWsecure. 2.2 OIDs. The read-write community name for the repeater MIB component is necessary to perform SNMP set commands to enable/disable LANVIEWsecure features. Refer to Chapter 4 f...

  • Page 16

    rptrsecuritysecurestate {rptrsasecurity 2}. Description: The status of source address security of the network. Ports on the network that are secure(1), can be locked in order to enable security. Nonsecure(2) ports cannot be locked. Setting a va...

  • Page 17

    rptrportgrpsatrapsetsrcaddr {rptrportgrpsatrapentry 2}. Description: Enables and disables source address traps for the specified port group. Object identifier: 1.3.6.1.4.1.52.4.1.1.1.4.2.5.2.1.1.2.0; data type: integer; values: 1 disable, 2 enable, 3 other; access policy: read-write. rptrportgrpsrcaddr...

  • Page 18

    rptrportgrpsasecuritysecurestate {rptrportgrpsrcaddrlockentry 3}. Description: The state of the source addressing security for this port group. Ports on the port group that are secure(1), can be locked in order to enable security. When a valu...

  • Page 19

    rptrportsrcaddrtopostate {rptrportsrcaddrentry 3}. Description: Returns the topological state of the port. Note: not related to security. Object identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.5.1.3.B.P; data type: integer; values: 1 station, 2 trunk; access policy: read-only. rptrportsrcaddrforcetrunk descrip...

  • Page 20

    rptrportsecurityportid {rptrportsecurityentry 2}. Description: The port ID for this source address lock entry. Object identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.2.B.P; data type: integer; access policy: read-only. rptrportsecuritylockstatus description: object identifier: data type: values: access...

  • Page 21

    rptrportsecuritydisableonviolation {rptrportsecurityentry 6}. Description: Designates whether port is disabled if its source address is violated. A source address violation occurs when an address is detected which is not in the secure address...

  • Page 22

    rptrportsecurityforcenonsecure {rptrportsecurityentry 9}. Description: The force non-secure state of port. If the port is forced non-secure via a value of forcenonsecure(2) it is put into a non-secure state, in which case it cannot be locked...

  • Page 23

    rptrportsecuritylistportgrpid {rptrportsecuritylistentry 1}. Description: The port group for this security list entry. Object identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.1.B.P; data type: integer; access policy: read-only. rptrportsecuritylistportid description: object identifier: data type: access...

  • Page 25

    Chapter 3: Setting OIDs. 3.1 Introduction. This chapter provides a step-by-step procedure for setting the LANVIEWsecure OIDs through the management platform of SNMP Tools using the SEHI as an example. 3.2 Guidelines. Community name: The read-write or superuser community name for the repeater MIB com...

  • Page 26

    3.4 The SNMP Tools screen. Use the arrow keys to move from field to field about the screen. After entering information, use the key to accept information into that field and the arrow keys again to go to the next field or command. In this document, what you enter appears in 10 point boldface font...

  • Page 27

    3.5 The GET command. Lock port (partial security): 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.3 (1=unlock, 2=lock). Secure state (read only): 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.8.B.P (B=board, P=port). Screen: SEHI Local Management, Cabletron SEHI Revision 1.10.01, SNMP Tools. Community name: channela. OID prepend: 1.3.6.1.4...

  • Page 28

    3.6 The SET command. Set to full security: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.7.B.P (B=board, P=port). Add address to secure table: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.4.B.P (B=board, P=port). Screen: SEHI Local Management, Cabletron SEHI Revision 1.10.01, SNMP Tools. Community name: channela. OID prepend: 1.3.6.1.4....

  • Page 30

    3.7 The CYCLE command. View secure address table (read only): 1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.B.P (B=board, P=port). This command is especially useful for viewing OIDs with tables of instances that span one or many boards or ports, such as the LANVIEWsecure address table. You can increase the c...

  • Page 31

    Chapter 4: MIB Navigator. 4.1 Introduction. This chapter explains how to use the MIB Navigator utility commands of get, set, and community names for LANVIEWsecure. Figure 4-1 shows the MIB Navigator screen. Note: Figure 4-1 shows the MIB Navigator screen that would be presented after the user ent...

  • Page 32

    4.2 Managing device MIBs. The MIB Navigator lets you manage objects in the NBR Management Information Bases (MIBs). MIBs are databases of objects used for managing the device and determining the device configuration. The commands within the MIB Navigator allow you to view and modify an object of ...

  • Page 33

    4.3.1 Conventions for MIB Navigator commands. This manual uses the following conventions for denoting commands: • Information keyed by the user is shown in this Helvetica font. • Command arguments are indicated by two types of brackets: - required arguments are enclosed by [ ]. - optional argumen...

  • Page 34

    set: Syntax: set. Description: The set command enables you to set the value of a managed object. This command is valid only for leaf entries in the current MIB tree, or for managed objects in the MIB. If the leaf specified does not exist for the given path, MIB Navigator asks for a value. The fol...

  • Page 35

    Chapter 5: Community names. 5.1 Introduction. Devices based on Cabletron Systems repeaterrev4 MIB are structured into MIB groups, with each group capable of having its own community name. This is true for the following LANVIEWsecure devices: SEHI, MicroMMAC, EMME, and EMM-E6. By default, the commu...

  • Page 36

    5.2 Viewing MIB components and corresponding community names. Screen: SEHI Local Management, Cabletron SEHI Revision 1.10.01, SNMP Tools. Community name: public. OID prepend: 1.3.6.1.4.1.52.4.1.1.2.4.1.5. Commands: get set getnext walk recall oid step cycles repeat f6 f7 f8 f9. Enter cycle count: 5. Enter cycle delay (se...

  • Page 37

    5.3 More device community name examples. MicroMMAC-22E firmware version 1.10.14: chcompname=1.3.6.1.4.1.52.4.1.1.2.4.1.5, chcompsucommstr=1.3.6.1.4.1.52.4.1.1.2.4.1.12. chcompname.1: chassis mgr; chcompsucommstr.1: public; chcompname.2: lm; chcompsucommstr.2: public; chcompname.3: host services; chcompsucomms...
