Configuring Lanview; Secure - Cabletron Systems LANVIEWsecure User Manual

Learn State
This provides the ability to start and stop learning at the network, port group, and port level. The Object
Identifier (OID) defaults to "Learn" state. This OID automatically changes to "Nolearn" state once it has either
learned two addresses or a set has been done by management. At this point, the user can set the OID back to
"Learn" state, which causes all of the addresses on the port to be deleted and the port to begin learning again.
Similarly, if the port is in the "Learn" state, the user can set it to "Nolearn", which prevents any further
addresses from being learned on the port, port group, or network. Either action can only be taken if the port is
unlocked. The network, port group, and port level then need to have security enabled to benefit from the
Intruder Prevention and Eavesdrop Protection features.
Secure State (read only)
The secure state is a read only object. The secure state of a port is defined by the traffic on that port. A port that
is non-secure is a port that cannot support either Intruder Prevention Security or Eavesdrop Prevention. In
other words, it cannot be set to a locked state at any time. For LANVIEW
products, a port is non-secure

SECURE

if there are more than 35 addresses "seen" on a port for an aging period; or if there are exactly 35 addresses
"seen" on that port for two consecutive aging periods. For all other products, a port is non-secure if there are
more than 3 addresses "seen" on the port for the aging period; or if there are exactly 3 addresses "seen" on the
port for two consecutive aging periods. A Non-Secure port cannot be locked. And, similarly, a locked port
cannot be Forced Non-Secure. An attempt to do either will return MIB_BAD_VALUE.
Force Secure/NonSecure
To put a port in a Non-Secure configuration, set the port to Forced Non-Secure. A port that is Forced
Non-Secure stays in this condition until the force is removed, at which point it goes into a natural secure state,
based on the traffic once the next aging time is reached. This is useful for ports that have a network connection
for which you do not want security implemented.

1.3 Configuring LANVIEW

SECURE
To configure LANVIEW
, enter, through your network management system, the desired OID from the
SECURE
List of Secure OIDs.
Chapter 2 provides a list of LANVIEW
OIDs.
SECURE
Chapter 3 provides a step by step procedure for setting the LANVIEW OIDs through the management
SECURE
platform of SNMP tools using the SEHI as an example. To set OID strings, you can use the SNMP utility
described in the SEHI User's Guide or any MIB walking tool. Refer to specific MIB walking tool
documentation for instructions on how to set MIB OID strings.
Chapter 4 explains how to use the MIB Navigator utility commands of get, set, and community names for
LANVIEW
.
SECURE
Chapter 5 provides information about community names. The read-write community name for the Repeater
MIB component is necessary to perform SNMP set commands to enable/disable LANVIEW
features.
SECURE
1-4