Types Of Protection; Features Of First Generation Security - Cabletron Systems LANVIEWsecure User Manual

Enterasys lanviewsecure repeaters: user guide

1.2.1 Types of Protection

Intruder Prevention
Intruder Prevention prevents any unauthorized source address from communicating with the network via a
secure port. Intruder Prevention is based on the expected MAC address of a port. In order for LANVIEWSECURE
to be effective, specific parameters must be set and features enabled. During Setup, the
manager configures the Trap Screen and enables security. When an unrecognized MAC address is discovered
on a port, a trap is generated, sent to the Network Management station, and recorded on the Trap Screen. With
Locking enabled, the default configuration of Intruder Prevention is to disable the port and send trap
information to the Trap Screen.
Eavesdrop Protection
Eavesdrop Protection delivers a scrambled (a random pattern of ones and zeros) data portion of the Ethernet
packet to all ports except the port specified in the destination MAC address field of the original packet. The
result is that all ports other than the destination port receive meaningless information.

1.2.2 Features of First Generation Security

Repeater Security
You may perform the following security function at the repeater level: Lock Ports. This affects all ports on all
boards on the specified channel. The default condition is disabled.
Board Security
You may perform the following security function at the board level: Lock Ports. This affects all ports on the
specified board(s). The default condition is disabled.
Port Security
You may perform the following security functions at the port level: Disable Ports on intruder, Lock Port, and
Full Security (which enables the packet scrambling feature on broadcasts and multicasts). This affects only the
specified port on a specified board.
Disable Ports (Intruder Prevention)
The Disable Ports feature disables the port when an unauthorized source address is detected. Disabling this
feature causes the port to remain operational after a violation. Not using the Disable Ports feature effectively
removes intruder protection from the selected port.
Send Trap
The Send Trap feature issues a trap after the first violation of the port; disable this feature if you do not wish to
receive these traps. The device using LANVIEWSECURE must have the trap table properly configured for this
selection to function. (This is essentially the same as the Send Trap on Intruder feature for the board and
channel levels — only the Object Identifier (OID) strings change).
Lock Port (Partial Security)
The Lock Port feature activates security on the port. Enabling Lock Port automatically secures the source addresses
in the secure address table. The addresses that are contained in the secure address list are considered the valid
addresses for that port. If an address is received on a locked port and that address is not on the secure list, the
port will be disabled.
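
Added example (not from the Cabletron manual): a simplified Python model of the port-level behaviour described in sections 1.2.1 and 1.2.2, showing how Lock Port, Disable Ports, Send Trap and Eavesdrop Protection interact. The class and method names, the use of the secure address table to find the destination port, and dropping the violating frame are assumptions; Full Security scrambling of broadcasts and multicasts is not modelled.

```python
import os
from dataclasses import dataclass, field

@dataclass
class Port:
    secure_addrs: set = field(default_factory=set)  # secure address table
    locked: bool = False               # Lock Port
    disable_on_intruder: bool = True   # Disable Ports
    send_trap: bool = True             # Send Trap
    enabled: bool = True
    violations: int = 0

class Repeater:
    """Simplified model for illustration; not the device's firmware."""
    def __init__(self, ports):
        self.ports = ports   # port number -> Port
        self.traps = []      # stands in for the Trap Screen

    def lock(self, n, addrs):
        # Lock Port: the listed addresses become the only valid sources.
        self.ports[n].secure_addrs, self.ports[n].locked = set(addrs), True

    def receive(self, n, src, dst, payload):
        """Return {port: bytes delivered} for a frame arriving on port n."""
        p = self.ports[n]
        if not p.enabled:
            return {}
        if p.locked and src not in p.secure_addrs:
            p.violations += 1
            if p.send_trap and p.violations == 1:  # trap on first violation
                self.traps.append((n, src))
            if p.disable_on_intruder:
                p.enabled = False
                return {}  # assumption: the violating frame is not repeated
        out = {}
        for m, q in self.ports.items():
            if m != n and q.enabled:
                # Eavesdrop Protection: clear data only to the destination port
                clear = dst in q.secure_addrs
                out[m] = payload if clear else os.urandom(len(payload))
        return out

if __name__ == "__main__":
    # Constructed sample addresses (locally administered MACs).
    r = Repeater({i: Port() for i in (1, 2, 3)})
    for i in (1, 2, 3):
        r.lock(i, {f"02:00:00:00:00:0{i}"})
    print(r.receive(1, "02:00:00:00:00:01", "02:00:00:00:00:02", b"hello"))
    print(r.receive(3, "02:00:00:00:00:99", "02:00:00:00:00:02", b"hello"), r.traps)
```

With Disable Ports turned off on a port, the model keeps the port operational after a violation and still records only the first trap, which is the reduced protection the Disable Ports paragraph describes.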