Setting Outbound Security With Eavesdrop Prevention - HP J3188A Installation And Reference Manual

Table of Contents

Advertisement

Security Information

Setting Outbound Security with Eavesdrop Prevention

Setting Outbound Security with
Eavesdrop Prevention
Eavesdrop Prevention allows a port to receive a packet transmitted on the
network as valid data only if the port's MAC address matches the packet's
destination address. If the port's MAC address does not match the packet
destination address, the port will receive a packet containing a meaningless
data field of alternating 1's and 0's. Multicast and broadcast packets are
transmitted to all ports unmodified.
Note that sending a packet containing alternating 1's and 0's will continue to
allow the port to detect the traffic on the network, so that the CSMA/CD
network requirements are met. However, the port will correctly record the
invalid data packet received as a CRC error. An end-user attached to an HP
hub implementing Eavesdrop Prevention data security will normally record a
high number of CRC errors on the computer card statistics.
The illustration on the next page shows the use of outbound data security
using Eavesdrop Prevention. This type of data security should be enabled on
any port that is to receive data on a "need to know" basis. The port must have
an authorized MAC address configured and must be connected to only one
end-user.
Eavesdrop Prevention may not be used on cascaded ports, or ports connected
to a network with multiple end users.
In the illustration below, Server 104 is transmitting a packet destined for PC
101. (For illustration purposes, the numbers 101, 102, 103, and 104 are used to
represent 12-digit hexadecimal MAC addresses.) The ports for PC 101 and PC
102 have Eavesdrop Prevention enabled or configured ON. Because PC 101's
MAC address matches the packet destination address, it receives the packet
unaltered. However, PC 102's MAC address does not match the packet desti-
nation address and therefore it receives a useless packet (the packet data field
contains a meaningless pattern of alternating 1's and 0's.) The port for PC 103
does not have Eavesdrop Prevention enabled and therefore PC 103 receives
the packet unaltered from Server 104.
F-6

Advertisement

Table of Contents
loading

This manual is also suitable for:

Procurve 10base-t 12

Table of Contents