Page 1 Title Page ® Portable Management Application for the EMM-E6 User’s Guide...
Page 3 Licensed Software, prior to installing it, is virus-free with an anti-virus system in which you have conﬁdence. Cabletron Systems makes no representations or warranties to the effect that the Licensed Software is virus-free. Copyright © 1998 by Cabletron Systems, Inc. All rights reserved.
Page 4 (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013. Cabletron Systems, Inc., 35 Industrial Way, Rochester, New Hampshire 03867-0505. 2. (a) This computer software is submitted with restricted rights. It may not be used, reproduced, or disclosed by the Government except as provided in paragraph (b) of this Notice or as otherwise expressly stated in the contract.
Page 5: Table Of Contents
Contents Chapter 1 Introduction Using the EMM-E6 User’s Guide ................1-1 What’s NOT in the EMM-E6 User’s Guide............1-3 Conventions ........................1-4 Screen Displays ...................... 1-5 Using the Mouse ....................1-6 Getting Help ........................1-7 EMM-E6 Firmware ....................... 1-8 Year 2000 Compliance ...................
Page 6 Contents Chapter 3 Alarm Conﬁguration Using Alarm Conﬁguration ..................3-2 Conﬁguring Alarms....................3-3 Setting Repeater Alarms....................3-4 Setting and Changing Alarms ................3-5 Setting Module and Port Alarms ................3-6 Setting Module Alarms ..................3-6 Setting Port Alarms....................3-8 Chapter 4 Link/Seg Traps What is a Segmentation Trap? ..................
Page 7 Contents Enabling Security and Traps..................7-12 Repeater-level Security and Traps ..............7-14 Module-level Security and Traps............... 7-15 Port-level Security and Traps ................7-17 Chapter 8 Front Panel Redundancy Setting Front Panel Redundancy ................8-1 Conﬁguring a Redundant Circuit................ 8-2 Appendix A EMM-E6 MIB Structure IETF MIB Support ......................
Page 8 Contents...
Page 9: Chapter 1 Introduction
Chapter 1 Introduction How to use the EMM-E6 User’s Guide; manual conventions; contacting the Cabletron Systems Global Call Center; EMM-E6 ﬁrmware versions supported by SPMA The EMM-E6 (Ethernet Management Module for Ethernet with six ports) provides intelligence for Cabletron Systems’ Multi-Media Access Center (MMAC) hubs.
Page 10 Introduction Stand-alone Launcher or the command line (if you are running in stand-alone mode); in addition, several applications can also be accessed from within the Hub View, a graphical display of the EMM-E6 and the hub it is managing. The EMM-E6 User’s Guide describes how to use many of the applications included with the module;...
Page 11: What's Not In The Emm-E6 User's Guide
Introduction • Chapter 8, Front Panel Redundancy , describes how to conﬁgure redundancy for the two Channel D EPIM ports on the EMM-E6’s front panel. You can access the Front Panel Redundancy application from the icon menu, the Hub View, or the command line. •...
Page 12: Conventions
Please note that the routing functionality for your EMM-E6, as well as the SPMA management modules that allow you to conﬁgure and manage that functionality, must be NOTE purchased separately. Contact the Cabletron Systems Global Call Center or your local sales representative for more information. Conventions SPECTRUM Portable Management Applications —...
Page 13: Screen Displays
Introduction graphical interface in use. For the sake of consistency, the following conventions will be followed throughout this and other SPMA guides. Screen Displays SPMA runs under a variety of different operating systems and graphical user interfaces. To maintain a consistent presentation, screen displays in this and other SPMA guides show an OSF/Motif environment.
Page 14: Using The Mouse
Introduction Some windows will also contain a button; selecting this button launches a History window (Figure 1-2) which lists all footer messages that have been displayed since the window was ﬁrst invoked. This window can help you keep track of management actions you have taken since launching a management application.
Page 15: Getting Help
Where applicable, an INFO button provides the version number; you can also view the version number for any application by typing the command to start the application followed by a -v. You can contact the Cabletron Systems Global Call Center via any of the following methods: By phone: Monday through Friday between 8 AM and 8 PM Eastern Standard Time at (603) 332-9400.
Page 16: Emm-E6 Firmware
Cabletron Systems Global Call Center for upgrade information. As a general rule, ﬁrmware versions for new products are liable to change rapidly; contact the Cabletron Systems Global Call Center for upgrade information for the latest customer NOTE release of ﬁrmware.
Page 17: Chapter 2 Using The Emm-E6 Hub View
Chapter 2 Using the EMM-E6 Hub View Navigating through the Hub View; monitoring hub performance; managing the hub The heart of the SPECTRUM Portable Management Application (SPMA) for the EMM-E6 is the Hub View, a graphical interface that gives you access to many of the functions that provide control over the EMM-E6-managed hub.
Page 18: Navigating Through The Hub View
Using the EMM-E6 Hub View Navigating Through the Hub View Within the Hub View, you can click mouse buttons in different areas of the window to access various menus and initiate certain management tasks. The following diagrams describe the information displayed in the Hub View and show you how to use the mouse to display the Device, Network, Module, and Port menus.
Page 19 Using the EMM-E6 Hub View Contact Status is a color code that shows the status of the connection between SPMA and the device: • Green means a valid connection. • Blue means that SPMA is trying to reach the device but doesn’t yet know if the connection will be successful.
Page 20 Using the EMM-E6 Hub View Figure 2-2. EMM-E6 Hub View Device Menu The Device menu lets you perform the following: • Open the Device Status window • Access the IP Address Table • Open the Polling Intervals window • Change the Port Display Form •...
Page 21: Emm-E6 Ports Display
Using the EMM-E6 Hub View If you need to call the Cabletron Systems Global Call Center about a problem with the Hub View application, you’ll need the information provided in the Info window: SPMA for the EMM-E6 application version EMM-E6 ﬁrmware revision, ﬁrmware boot prom version, and...
Page 22: Using The Mouse In A Hub View Module
Using the EMM-E6 Hub View EMM-E6 Menu BRIM Ports BRIM ports E and F will display status colors (green for ON, blue for OFF) for any installed BRIM modules, along with the BRIM type Click mouse button 3 on the (FDDI, WAN, etc.).
Page 23: Hub View Port Color Codes
“No Mgt” in the Port Display NOTE Form box. For more information about the speciﬁc capabilities of different versions of EMM-E6 ﬁrmware, contact the Cabletron Systems Global Call Center. Module Index Indicates the module’s slot number Module Type within the MMAC.
Page 24: Monitoring Hub Performance
Using the EMM-E6 Hub View • Green indicates that the port is active; that is, the port has been enabled by management, has a valid Link signal (if applicable), and is able to communicate with the station at the other end of the port’s cable segment. Note that an AUI or transceiver port will display as active as long as it has been enabled by management, even if no cable is connected.
Page 25: Port Display Form
Using the EMM-E6 Hub View Figure 2-6. The EMM-E6’s Device, Network, Module, and Port Menus Hub performance data available through these menus includes: • Device, Network, Module, and Port status descriptions. • Network, Module, and Port statistics, which provide a complete breakdown of packet activity.
Page 26 Using the EMM-E6 Hub View Changing the port display form via the Device menu will affect all manageable ports in the hub; using the Network menu will affect all ports on a speciﬁc channel, or network; and using the Module menu will affect all ports on the appropriate module.
Page 27 Using the EMM-E6 Hub View • OOW (Out-of-Window) Collisions For error type descriptions, see Checking Statistics page 2-20. Protocols Displays a percentage for each active port that represents what portion of that port’s trafﬁc is of a particular protocol type. You can display any one of the following protocol types: •...
Page 28 If you have any questions about which deﬁnition your version of ﬁrmware employs, or if you would like information about upgrading your EMM-E6 ﬁrmware, contact the Cabletron Systems Global Call Center. Also, see Chapter 6, Source Addressing, and Chapter 7, Security, for more information about station and trunk status.
Page 29: Checking Device Status And Updating Front Panel Info
Using the EMM-E6 Hub View Checking Device Status and Updating Front Panel Info The Device Status window is where you change the information displayed on the Hub View Front Panel and where you can see summary information about the current state of the hub. To open the Device Status window: 1.
Page 30: Checking Network Status
Using the EMM-E6 Hub View If your device ﬁrmware can accept four-digit year values, the Date ﬁeld will allow you to enter the year portion in one-, two-, or four-digit format. If you choose to enter one or two NOTE digits for the year, any value greater than or equal to 88 will be presumed to be in the 1900s;...
Page 31 Using the EMM-E6 Hub View Click mouse button 3 on the appropriate Network Connection box to open the Network menu. 2. Drag down to Status and release. Figure 2-8. EMM-E6 Network Status window Note that the information in the Network Status window applies to all MIMs connected to the selected channel, regardless of which MIM display was used to access the window.
Page 32: Checking Module Status
Using the EMM-E6 Hub View Checking Module Status You can open a Module Status window for any manageable module in the EMM-E6-controlled hub. To open the Module Status window: 1. Click button 1 in the Module Type box. Click button 3 in the Module Index, Module Type, or Port Display Form box to display the Module menu.
Page 33: Checking Port Status
Using the EMM-E6 Hub View Checking Port Status You can open a Port Status window for any port on any manageable module installed in the hub. To open the Port Status window: 1. Click button 3 in the Port Index or Port Status box to display the Port menu. 2.
Page 34 Using the EMM-E6 Hub View • Not Supported — The selected port does not support the Link feature, so the EMM-E6 cannot determine link status; this value will show only for thin coax (BNC), AUI, or transceiver ports. The fact that thin coax (BNC), AUI, and transceiver ports do not support the link feature can cause some misleading port status indicators: for example, a BNC port may show as NOTE segmented when, in fact, the cable has been disconnected;...
Page 35: Viewing The Ip Address Table
If you have any questions about which deﬁnitions are employed by your version of ﬁrmware, or if you would like information about upgrading your EMM-E6 ﬁrmware, contact the Cabletron Systems Global Call Center. Also, see Chapter 6, Source Addressing, and Chapter 7, Security, for more information about station and trunk status.
Page 36: Launching The Global Find Mac Address Tool
Using the EMM-E6 Hub View To view the IP Address Table: 1. Click on to access the Device menu. 2. Drag down to IP Address Table and release. Figure 2-11. EMM-E6 IP Address Table Note that the I/F Description for the highlighted interface is repeated in the text box at the bottom of the window;...
Page 37 Using the EMM-E6 Hub View To view hub statistics at the Network, Module, or Port levels: 1. Display the Network, Module, or Port menu by clicking mouse button 3 in the appropriate area (refer to Figure 2-5, page 2-7). 2. Drag down to Statistics and then right to either General/Errors or Protocols/Frames, and release.
Page 38: General/Error Statistics
Using the EMM-E6 Hub View Unless you close, then re-open, a window or use the Reset button, statistical counters will continue to increment until a value of 2 -1 (approximately 4 billion) is reached, at NOTE which point they will roll over and restart at 0. General/Error Statistics The General/Errors statistics windows display the following ﬁelds: Received Bytes...
Page 39 Using the EMM-E6 Hub View “legal” collisions, as opposed to the OOW collisions described below) are a natural by-product of a busy network; if you are experiencing high numbers of collisions, it may be time to redirect network trafﬁc by using bridges or routers. Extremely high collision rates can also indicate a data loop (redundant connections) or a hardware problem (some station transmitting without listening ﬁrst).
Page 40: The Emm-E6 Error Priority Scheme
Using the EMM-E6 Hub View Runt Frames The total number of received packets smaller than the minimum Ethernet frame size of 64 bytes (excluding preamble). This minimum size is tied to the maximum propagation time of an Ethernet network segment — the maximum propagation time is 51.2 s, and it takes approximately 51.2 s to transmit 64 bytes of data;...
Page 41: Protocols/Frames Statistics
Using the EMM-E6 Hub View For more detailed information about error statistics and the possible network conditions they represent, consult the Cabletron Systems Network Troubleshooting Guide, NOTE included with this package. Protocols/Frames Statistics The Protocols/Frames statistics windows display the following ﬁelds: Protocols •...
Page 42 Using the EMM-E6 Hub View Figure 2-13. Port Source Address List The Source Address List window displays the MAC addresses of all devices that have transmitted packets through the selected port within a time period less than the SAT’s deﬁned aging time (addresses that have not transmitted a packet during one complete cycle of the aging timer will be purged).
Page 43: Managing The Hub
Using the EMM-E6 Hub View The snapshots of the Source Address List that you can obtain via this feature do not reﬂect the current port security status of the SAT — that is, when Source Address Locking is NOTE enabled, you can still observe addresses being aged out of the table and new addresses being added as you refresh the Source Address List displayed in this window.
Page 44 Using the EMM-E6 Hub View Figure 2-14. EMM-E6 Polling Intervals 3. To activate the desired polling, click mouse button 1 on the selection box to the right of each polling type ﬁeld. 4. To change a polling interval, highlight the value you would like to change, and enter a new value in seconds.
Page 45: Conﬁguring Fnb Connections
Cabletron’s original Media Interface Modules (MIMs) are automatically conﬁgured to operate on the original backplane channel, Channel A. However, Cabletron Systems’ latest family of MIMs — Repeater, or RIC, MIMs (the FORMIM, CXRMIM, TPRMIM, and TPXMIM) — can be selectively conﬁgured to operate on the B or C channel, or, since they provide their own repeater functionality, in a stand-alone mode.
Page 46: Conﬁguring Ric Mim Connections
Using the EMM-E6 Hub View Conﬁguring RIC MIM Connections Because each RIC MIM repeats packets independently, you can insert it into the network via backplane channels B or C, or isolate it to act as a self-contained network. To change a RIC MIM’s channel assignment: 1.
Page 47 Using the EMM-E6 Hub View mode. When conﬁgured to operate on channels B or C, the TPXMIM provides its own repeating; when operating on Channel A, its ports depend on the EMM-E6 for repeater functionality. All TPXMIM ports default to channel B when ﬁrst installed.
Page 48: Setting A Port's Trunk Type
Using the EMM-E6 Hub View To place only selected ports in stand-alone mode, you must conﬁgure all other ports so that they are connected to Channel A; those ports will remain connected to Channel A NOTE when stand-alone mode is implemented, and only those ports connected to channels B or C will be put in stand-alone.
Page 49 If you have any questions about which deﬁnitions your version of ﬁrmware employs, or if you would like information about upgrading your EMM-E6 ﬁrmware, contact the Cabletron Systems Global Call Center. Also, see Chapter 6, Source Addressing, and Chapter 7, Security, for more information about station and trunk status.
Page 50: Enabling/Disabling Mim Ports
Using the EMM-E6 Hub View If you use the Trunk Type option on the Port menu to manually change a port’s topology status from Force Trunk to Not Forced, any status change from trunk to station will not NOTE be reﬂected in the port display until the current cycle of the Source Address timer is complete.
Page 51: Chapter 3 Alarm Conﬁguration
Chapter 3 Alarm Conﬁguration Using Alarm Conﬁguration; setting repeater alarm conﬁguration; setting port and module alarm conﬁguration Alarms work in conjunction with your network management system to let you know when deﬁned thresholds have been reached. You deﬁne the conditions that will trigger an alarm using the Alarm Conﬁguration application.
Page 52: Using Alarm Conﬁguration
Alarm Conﬁguration Using Alarm Conﬁguration To open the Alarms window from the icon: 1. Click on the appropriate EMM-E6 icon to display the icon menu. 2. Drag down to Alarm Conﬁguration and release. from the Hub View: 1. In the Hub View, click on to display the Device menu.
Page 53: Conﬁguring Alarms
Alarm Conﬁguration Conﬁguring Alarms While conﬁguring alarms for your EMM-E6 you must set the threshold and timebase that will factor in triggering the alarm. From the repeater alarms window you set an alarm timebase that applies to all enabled alarms at the repeater, module and port level;...
Page 54: Setting Repeater Alarms
Alarm Conﬁguration Alignment If this check box is selected, all misaligned packets will be included in calculating the overall percentage of errors. A misaligned packet is one with an non-integral number of bytes; these are also sometimes referred to as framing errors.
Page 55: Setting And Changing Alarms
Alarm Conﬁguration Setting and Changing Alarms 1. In the Alarms window, click mouse button 1 on a repeater selection in the scroll list. 2. Click mouse button 1 on to open the Set Repeater Alarms window. Figure 3-2. Set Repeater Alarms Window 3.
Page 56: Setting Module And Port Alarms
Alarm Conﬁguration The Timebase applies to all enabled alarms, port-level and module-level alarms as well as repeater-level alarms. The Timebase appears in each alarms window — repeater, module, NOTE and port — but you can only edit it in the Repeater Alarms window. Since alarm condition samples are taken at the end of the deﬁned timebase interval, alarm conditions which occur over the span of two timebase intervals will not be detected even if the threshold is crossed within the deﬁned timebase.
Page 57 Alarm Conﬁguration Figure 3-3. Set Module Alarms Window 3. Select one or more modules in the scroll list. To apply one set of conditions to all modules, you can either select each module in the list or use the Set Alarm For box at the bottom of the window to choose either Selected Modules, which applies the conditions to the modules you selected in the module list, or All Modules, which applies the conditions to all modules in the...
Page 58: Setting Port Alarms
Alarm Conﬁguration 7. If you select Yes for Disable Module on Alarm, the deﬁned condition will cause the device to disable the module. If a module is disabled by an alarm, you must manually re-enable the module before it can again pass trafﬁc.
Page 59 Alarm Conﬁguration 3. Select one or more ports in the scroll list. To apply one set of conditions to all ports, you can either select each port in the list or use the Set Alarm For box at the bottom of the window to choose either Selected Ports, which applies the conditions to the ports you selected in the port list, or All Ports on Repeater, which applies the conditions to all the ports on the repeater, or All Ports on Module, which applies the conditions to all the ports on the module.
Page 60 Alarm Conﬁguration 3-10 Setting Module and Port Alarms...
Page 61: Chapter 4 Link/Seg Traps
Chapter 4 Link/Seg Traps What are Link and Segmentation traps; enabling and disabling these traps at the device, module, and port levels Among the traps which Cabletron devices are designed to generate are traps that indicate when a repeater port gains or loses a link signal, when the repeater segments (disconnects) a port due to collision activity, and when a segmented port becomes active again.
Page 62: What Is A Link Trap
Link/Seg Traps Unterminated BNC (thin coax) ports appear in the Hub View as segmented ports. When you attach a thin coax cable or a 50 terminator to a port, the repeater generates a NOTE portUnsegmenting trap; when you remove the cable or terminator, the repeater generates a portSegmenting trap.
Page 63 Link/Seg Traps from the Hub View: 1. Click on to display the Device menu. 2. Drag down to Link/Seg Traps and release. from the command line (stand-alone mode): 1. From the appropriate directory, type spmarun r4hwtr <IP address> <community name> The spmarun script invoked ﬁrst in the above command temporarily sets the environment variables SPMA needs to operate;...
Page 64: Conﬁguring Link/Seg Traps For The Repeater
Link/Seg Traps Conﬁguring Link/Seg Traps for the Repeater To enable or disable Link and Segmentation traps for all ports on a repeater: 1. In the Repeater Link/Seg Traps window, click mouse button 1 on the repeater interface for which you would like to conﬁgure link and segmentation traps. 2.
Page 65 Link/Seg Traps Figure 4-3. The Module Traps Window 3. In the Module Traps window, click mouse button 1 to select the module for which you wish to conﬁgure link and segmentation traps. If the Set Trap Status For ﬁeld displays Selected Modules (the default setting), you can click to select any modules;...
Page 66: Viewing And Conﬁguring Link/Seg Traps For Ports
Link/Seg Traps Viewing and Conﬁguring Link/Seg Traps for Ports To enable or disable Link and Segmentation traps for individual ports: 1. In the Repeater Link/Seg Traps window, select a repeater in the scroll list. 2. Click mouse button 1 on ;...
Page 67 Link/Seg Traps 5. Click on the appropriate selection in the Segmenting Traps ﬁeld to Enable or Disable segmenting traps, as desired. 6. Click on to save your changes; click on to exit the window. Enabling and Disabling Link/Seg Traps...
Page 68 Link/Seg Traps Enabling and Disabling Link/Seg Traps...
Page 69: Repeater Redundancy
Chapter 5 Repeater Redundancy This chapter describes how to conﬁgure and enable redundant circuits Setting Network Circuit Redundancy The redundancy application gives you the ability to deﬁne redundant circuits for your EMM-E6 to ensure that critical network connections remain operational. Each circuit has a designated primary port and one or more backup ports.
Page 70 Repeater Redundancy from the command line (stand-alone mode) 1. From the appropriate directory, type: spmarun r4red <IP address> <community name> The spmarun script invoked ﬁrst in the above command temporarily sets the environment variables SPMA needs to operate; be sure to use this command any time you launch an NOTES application from the command line.
Page 71 Repeater Redundancy Figure 5-2. The Channel X Redundancy Window If you want to change a circuit’s name or the number of retries, highlight the appropriate circuit and click . The Change Circuit window, Figure 5-3, will appear. Figure 5-3. The Change Circuit Window Setting Network Circuit Redundancy...
Page 72: Setting Network Circuit Redundancy
Repeater Redundancy In the appropriate boxes, enter a new circuit name (up to 16 alphanumeric characters) and/or number of retries; Retries is the number of times the EMM-E6 tests the connection to the ﬁrst IP address listed in the Circuit Addresses window before it gives up and moves on to the next address.
Page 73 Repeater Redundancy 5. By default, all ports are created as Inactive Backup ports. You should set one port to be the Primary port and one port to be the Active port. Typically, the same port is both Primary and Active but this is not required. To select primary and active ports, click button 1 on a port to highlight it then click select the same or another port and click .
Page 74: Monitoring Redundancy
Repeater Redundancy Monitoring Redundancy Once you have conﬁgured your redundant circuits, you can use the ﬁelds in the All Circuits box to set the parameters that the EMM-E6 uses to periodically test each of the circuits. The EMM-E6 automatically polls all enabled circuits through the Primary port and all Backup ports at the time speciﬁed in the Test Time box.
Page 75: Chapter 6 Source Addressing
Chapter 6 Source Addressing Displaying the Source Address list; setting the Aging Time; selecting the Hash Type; effects of Source Address Locking; conﬁguring Source Address traps; ﬁnding a Source Address Displaying the Source Address List The Source Address List, or Table (SAT), contains the MAC address and its associated vendor name for each device communicating through a port in the EMM-E6-controlled hub.
Page 76 ﬁrmware; if the Module Trap and Port Trap NOTE buttons are grayed out, these features are not available on your device. Contact the Cabletron Systems Global Call Center for more information on upgrading your device ﬁrmware. Displaying the Source Address List...
Page 77 Source Addressing To view the source address list for the device, highlight the interface for which you wish to view the SAT, then click mouse button 1 on ; the Source Address List window, Figure 6-2, will appear. Figure 6-2. The Source Address List Window The Source Address List window displays addresses of all devices that have transmitted packets through the EMM-E6 within a time period less than the SAT’s deﬁned aging time (addresses that have not transmitted a packet during one...
Page 78: Setting The Aging Time
Source Addressing The snapshots of the Source Address List that you can obtain via this feature do not reﬂect the current port security status of the SAT — that is, when Source Address Locking is NOTE enabled, you can still observe addresses being aged out of the table and new addresses being added as you refresh the Source Address List displayed in this window.
Page 79: Locking Source Addresses
Source Addressing 2. Click mouse button 1 on ; the Channel X Source Address List window, Figure 6-2 (page 6-3), will appear. 3. In the Hash Type ﬁeld, click mouse button 1 on the appropriate selection to apply Dec or nonDec hashing to all ports on the selected repeater channel. 4.
Page 80: Source Address Locking On Older Devices
Source Addressing Remember, you must have SuperUser (SU) access to the device in order to lock or unlock ports. NOTE In addition to activating the security measures as conﬁgured via the Security application, locking source addresses has the following effects: •...
Page 81: Conﬁguring Source Address Traps
ﬁrmware does NOT support the ability to enable and disable NOTE source addressing traps at the module and port levels. Contact the Cabletron Systems Global Call Center for information about upgrading your device ﬁrmware. SPMA does not accept the trap messages; that task is left to your network management system.
Page 82: Repeater-Level Traps
Source Addressing Other traps that will be sent in response to changes in source addressing (even when the above traps have been disabled) include: • PortTypeChanged traps are issued when a port’s topology status changes from station to trunk, or vice versa. The interesting information includes the board and port index, and the port’s new topology status.
Page 83: Module- And Port-Level Traps
Source Addressing Module- and Port-level Traps To set module- and port-level source addressing traps, select the appropriate channel in the Repeater Source Address window, then click on enable and disable module-level traps, or on to enable and disable port-level traps. It is not necessary to close the Source Address List before launching the module and port traps windows;...
Page 84 Source Addressing Figure 6-3. The Module Source Address Traps Window To enable or disable port-level traps: 1. In the Port Source Address Traps window (Figure 6-4, below), click mouse button 1 to select the port or ports for which you wish to enable or disable traps.
Page 85: Finding A Source Address
Source Addressing Figure 6-4. The Port Source Address Traps Window 2. Click on the appropriate selection in the Trap Status ﬁeld to enable or disable traps for the selected port(s), as desired. 3. Click on to save your changes. Finding a Source Address You can use the button to locate a source address in the list by the module and port through which it is communicating with the EMM-E6.
Page 86 Source Addressing Figure 6-5. Find Source Address Window 2. In the MAC Address ﬁeld, enter the source address you wish to locate in a hexadecimal (XX:XX:XX:XX:XX:XX) format. 3. Click on . If the address is in the table at the time the search is initiated, the remaining ﬁelds in the window will display the module and port through which the address is communicating with the EMM-E6.
Page 87: Chapter 7 Security
Chapter 7 Security Launching the Security application; LANVIEW deﬁned; conﬁguring security; enabling security SECURE and traps at the repeater, module, and port levels; security on non-LANVIEW MIMs SECURE The Security application allows you to conﬁgure and manage the LANVIEW feature incorporated into the new generation of Cabletron’s SECURE repeater family of MIMs: the TPRMIM-xxS, FORMIM-xxS, CXRMIM-S, and TPXMIM-xxS.
Page 88: What Is Lanviewsecure
Security from the command line (stand-alone mode): 1. From the appropriate directory, type spmarun r4sec <IP address> <SU community name> The spmarun script invoked ﬁrst in the above command temporarily sets the environment variables SPMA needs to operate; be sure to use this command any time you launch an NOTES application from the command line.
Page 89 Security When the LANVIEW feature is enabled, it provides two kinds of SECURE protection: intruder protection will prevent any unauthorized source addresses from communicating with the network via a secure port, and can be conﬁgured to secure both station and trunk ports; eavesdropper protection scrambles the data portion of any packet transmitted via a secure port to all but the destination port, and can be extended to broadcast and multicast packets as well as packets destined for a single address.
Page 90: The Newest Lanviewsecure Features
Security If your EMM-E6 is running ﬁrmware more recent than 2.00.16 and previous to 3.11.xx, you will not have the ability to force a port to unsecurable status; however, for ﬁrmware versions in that range, ports which have been forced to trunk status will not be locked, so you can use the force trunk feature —...
Page 91: Security On Non-Lanviewsecure Mims
Security Forced non-secure status With the original version of LANVIEW , all ports except those which had SECURE been forced to trunk status could be locked, and would be locked automatically if locking were enabled at the repeater or module level. With the enhanced version of LANVIEW , this has changed in two ways: ﬁrst, any port which has more SECURE...
Page 92: Conﬁguring Security
Security Conﬁgurable violation response You can still choose to allow ports to remain enabled even after an unsecured address has attempted to access a locked port. If you choose not to disable a port which has experienced a violation, however, the port’s only response to an intruder will be to issue a trap after the ﬁrst violation;...
Page 93 Security Figure 7-2. Channel X Port Security Window The top portion of the window contains a list box which displays each port communicating on the selected channel, designated by module and port number. Each port’s current Lock Status, violation response, Security Level, and Trap status is also displayed.
Page 94 Security 2. In the On Violation ﬁeld, click to select disable if you want the port or ports to be disabled if any unauthorized source address is detected, or select noDisable if you wish the port to remain operational after a violation. Note that selecting the noDisable option effectively removes intruder protection from the selected ports: a trap will be sent after the ﬁrst violation, but all packets, regardless of source address, will be allowed to pass.
Page 95 Security Figure 7-3. The Addresses Window 3. On the left side of the window, the Learned Addresses list box will display all source addresses detected by the selected port during the last aging interval (see Chapter 6, Source Address, for more information on the aging interval). On the right side of the window, the Secure Addresses list box will display the source addresses which have been secured for that port.
Page 96: Boards With Multiple Caches
Security Figure 7-4. Add MAC Address Window d. Enter the desired MAC address in an xx:xx:xx:xx:xx:xx format, then click . A conﬁrmation window will appear; if you click on Yes to secure the address, it will appear in the Secure Addresses list box. 4.
Page 97: Resetting Learned Addresses
Security Resetting Learned Addresses You can clear all learned and secured addresses out of a port’s address table, and allow that port to begin learning (and securing) new addresses, as follows: 1. In the Repeater Security window, click mouse button 1 on the repeater interface for which you would like to reset learned addresses.
Page 98: Enabling Security And Traps
Security transmitted clean to all ports on that channel unless security has been enabled there, too. Packets bridged to Channel A will always be transmitted clean to all ports, regardless of lock status; however, careful bridge conﬁguration and prudent use of each port’s forwarding and blocking abilities can provide some measure of security in this case.
Page 99 Security • A newSourceAddress trap is generated when a station port — one receiving packets from zero, one, or two source addresses — receives a packet from a source address that is not currently in its source address table. Information included in this trap includes the board number, port number, and source address associated with the trap.
Page 100: Repeater-Level Security And Traps
Security Repeater-level Security and Traps Locking ports at the repeater, or channel, level applies all applicable security (as conﬁgured via the Port Security window) to every port on the channel. If you select a repeater whose ports have different security capabilities, you may still be able to select and apply security states which are not applicable to all ports.
Page 101: Module-Level Security And Traps
Security 5. Click mouse button 1 on to save your changes; the new status will be displayed in each ﬁeld to the right of the ﬁeld name. Click on to exit the window. Module-level Security and Traps Locking ports at the module level applies all applicable protections (as conﬁgured via the Port Security window) to each port on the selected module or modules.
Page 102 Security Figure 7-6. Channel X Module Security Window 3. Use the Set Security For ﬁeld or the mouse to select the module or modules for which you wish to conﬁgure security (note that the settings in the Set Security For ﬁeld will change automatically as you click to select or de-select modules).
Page 103: Port-Level Security And Traps
Security Port-level Security and Traps To enable or disable security and/or traps at the port level: 1. In the Repeater Security window, click to selected the desired repeater interface, or channel, in the scroll list. 2. Click ; the Channel X Port Security window, Figure 7-7, will appear.
Page 104 Security 4. In the Security Mode ﬁeld, click mouse button 1 on the appropriate selection to apply Full or Continuous lock status to the selected port(s), or to Unlock selected ports. (Note that if your EMM-E6 does not support the newest security enhancements, or if the group of ports you have selected includes one on a non- LANVIEW MIM, the Continuous selection will be...
Page 105: Chapter 8 Front Panel Redundancy
Chapter 8 Front Panel Redundancy This chapter describes setting up front panel redundancy Setting Front Panel Redundancy When you conﬁgure front panel redundancy, you designate one of the EMM-E6’s redundant front panel ports as the active port and the other port as the backup.
Page 106: Conﬁguring A Redundant Circuit
Front Panel Redundancy The spmarun script invoked ﬁrst in the above command temporarily sets the environment variables SPMA needs to operate; be sure to use this command any time you launch an NOTES application from the command line. This script is automatically invoked when you launch an application from the icon menu or from within the Hub View.
Page 107 Front Panel Redundancy 1. Use mouse button 1 to highlight a port, either AUI #1 or AUI #2. 2. Click on to access the Add Circuit Address window, Figure 8-2. Figure 8-2. Add Circuit Address Window 3. In the Add Circuit Address window, enter the IP Address of a network device and then click .
Page 108: Setting Front Panel Redundancy
Front Panel Redundancy Setting Front Panel Redundancy...
Page 109: Appendix A Emm-E6 Mib Structure
Appendix A EMM-E6 MIB Structure EMM-E6 management information base conﬁguration IETF MIB Support In addition to its proprietary features, the EMM-E6 currently supports the following IETF MIBs: • RFC 1213 MIB for Network Management of TCP/IP-based Internets: MIB-II • RFC 1271 Remote Network Monitoring MIB •...
Page 110: Mib Components
EMM-E6 MIB Structure MIB Components The EMM-E6 MIB components are described below. Note, however, that at any given time the component list displayed by your EMM-E6 may not include some of the components described below, since the EMM-E6 has the ability to alter the components which make up its MIB in response to changes in the chassis.
Page 111 EMM-E6 MIB Structure Repeater One, Repeater Two, and Repeater Three The Repeater MIB components control all repeater functionality on the EMM-E6’s three internal repeater channels: A, B, and C. These functions include port count, port enable/disable, port status, board number, repeater statistics (packets, bytes, collisions, errors, etc.), protocol counts, and frame sizes;...
Page 112 EMM-E6 MIB Structure Distributed LAN Monitor The Distributed LAN Monitor, or DLM, MIB component is a proprietary feature that allows you to delegate a management station’s polling responsibilities to one or more strategically placed “smart hub” devices — like an EMM-E6 — on your network, reducing overall network SNMP trafﬁc by reducing the number of devices reporting directly to your management station.
Page 113: A Brief Word About Mib Components And Community Names
EMM-E6 MIB Structure A Brief Word About MIB Components and Community Names As mentioned above, the arrangement of the EMM-E6’s MIB into a series of components provides a tremendous amount of ﬂexibility in controlling access to the EMM-E6’s conﬁguration and statistical information, since each MIB component can have its own unique set of community names, and each can be individually enabled and disabled depending on your management needs (see the Community Names chapter in the SPMA Tools Guide for more information).
Page 114 EMM-E6 MIB Structure EMM-E6 MIB Structure...
Page 115 Index CRC Errors 2-23 Ctron Use Only A-3 active port 5-5 Cyclic Redundancy Check (CRC) Errors 2-23 Active Ports 2-12 Add Circuit Address 5-4 Admin Status 2-12 Advanced Router Conﬁg 1-4 default community names A-3 Aging Time 6-3, 6-4 Device menu 2-4 aging time 2-26 Disable Module on Alarm 3-8, 3-9 alarm 3-5...
Page 116 Index History window 1-6 OOW Collisions 2-23 Host Services A-3 opening the Hub View 2-1 hostname 2-1 Orphan MIMs A-4 IETF MIBs, supported by EMM-E6 A-1 Path 1-3 inactive backup ports 5-5 Poll Interval 5-6, 8-3 intruder protection 7-3 Polling Intervals 2-4 IP address 2-3 polling intervals 2-27 IP Address Table 2-4...
Page 117 Index RMON Host A-4 Transparent Bridge A-4 Runt Frames 2-24 Trap Table 1-3 Trunk 2-19 trunk port 2-12, 2-32 trunk port security 7-3 SAT 6-1 trunk ports 6-5, 6-6, 7-3, 7-5 secure address assignment 7-3, 7-5 secure addresses 7-8 secureStateChange trap 7-13 Security 2-4, 6-5 unsecurable port 7-5, 7-6 security level 7-8...
Page 118 Index Index-4...

This manual is also suitable for:

Spectrum

Cabletron Systems Spectrum EMM-E6 User Manual

Chapter 1 Introduction

Chapter 2 Using the EMM-E6 Hub View

Chapter 3 Alarm Conﬁguration

Chapter 4 Link/Seg Traps

Chapter 5 Repeater Redundancy

Chapter 6 Source Addressing

Chapter 7 Security

Chapter 8 Front Panel Redundancy

Appendix A EMM-E6 MIB Structure

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Cabletron Systems Spectrum EMM-E6

Summary of Contents for Cabletron Systems Spectrum EMM-E6

This manual is also suitable for:

Table of Contents