Lane Security - 3Com CoreBuilder 7000 Operation Manual

LANE Security

If possible, the primary LECS should not be configured on a switch
with primary LESs.


Do not clump too many primary LESs on a single switch. Distribute
LESs across the backbone
There is an important pre-condition for LANE redundancy to operate
correctly. Under some circumstances, some LECs cannot bind to the
backup LES even when they get the correct information about the
backup LES from the LECS. This may be due to problems with route
redundancy. It is important to ensure that ATM re-routing will work even
when some links or a switch is down. If a LEC cannot bind to the backup
LES, it is necessary to check if the LEC can connect to the LES and if the
LES can, in turn, connect back to the LEC. Correct E-IISP planning for
route failover/redundancy is required for LANE redundancy to work.
This section discusses the LANE security mechanism and includes the
following topics:


General Concepts


Security Algorithm


Factory Default Configuration


LMA Security Commands
The LANE security mechanism allows you to prevent unauthorized LECs
from joining a specific ELAN of the 7000 family ATM switch. The system
compares the ATM address or network prefix of a candidate LEC to a
security table of addresses in the ELAN to determine its right to join.
LANE security has the following elements:


Lock out individual or group — You can lock out any individual LEC by
its full ATM address or a group of LECs with a common network
prefix.


Authorized LEC limit — Up to 500 authorized LEC addresses per
switch can be entered into the security tables.


Disable security — The security feature can be disabled for the entire
switch.


Snapshot — A security table for an ELAN can be built automatically
from the LECs currently operational in the ELAN.
LANE Security 161