Table of Contents
Advertisement
1.4 Tips for Implementing LANVIEW
Features
SECURE
Security can only be implemented by locking a port, and can only be completely disabled by unlocking a port.
You cannot enable Intruder Protection on a LANVIEW
hub without also enabling Eavesdrop Protection.
SECURE
You can, however, effectively enable Eavesdrop Protection alone by de-selecting the Disable Ports option for
the violation response; choosing not to disable ports basically eliminates intruder protection, sends a trap, and
allows all packets to pass regardless of their source address. Another approach to enable Eavesdrop Protection
alone is to use Continuous Learn.
Security should not be enabled on any port that is connected to an external bridge. The bridge discards all
packets it receives as error packets since Cyclic Redundancy Checks (CRCs) are not recalculated after a packet
is scrambled.
Security should not be enabled on any port that is supporting a trunk connection with 3 or more addresses,
unless you are sure that no more than 34 consecutive addresses will attempt to use the port, and you have
secured all necessary addresses. A simple way of ensuring this is to put a port to Forced Non-Secure.
If you choose to set the board or repeater security, be advised that a board setting overrides all port settings for
the specified board, while a repeater setting overrides all board(s) and their respective port settings for the
specified channel. An integer of 3 for some OIDs indicates a mixed state.
Query chCompName and chCompSUCommStr to identify the community name for the Repeater MIB
component(s). Use the community name obtained to enable/disable LANVIEW
features.
SECURE
Secure the device console port as well as device network ports. In the Community Name Table, change the
default community name for Read-Only, Read-Write, and Superuser access privileges.
Cabletron Systems advises that all default community names be changed for each MIB component. This can be
done simultaneously through Configuration Manager of SPECTRUM, Set Community String Utility of
Remote LANVIEW/Windows, or Set Community Names Utility of SPECTRUM Element Manager/Windows.
1.5 Summary
Many methods of network security exist today to ensure the integrity of what is quickly becoming an
organization's most valuable asset — information. While no one method alone provides a complete solution
from all potential unauthorized access, when used appropriately and in conjunction with one another, a
solution set is often found. Cabletron Systems LANVIEW
is designed to discourage common security
SECURE
violations while monitoring and controlling normal moves, adds, and changes in Local Area Network (LAN)
environments.
1-5
Advertisement
Table of Contents
