HP (Hewlett-Packard) J3188A Switch User Manual


 
Security Information
Setting Outbound Security with Eavesdrop Prevention
Eavesdrop Prevention allows a port to receive a packet transmitted on the
network as valid data only if the port’s MAC address matches the packet’s
destination address. If the port’s MAC address does not match the packet
destination address, the port will receive a packet containing a meaningless
data field of alternating 1’s and 0’s. Multicast and broadcast packets are
transmitted to all ports unmodified.

Note that sending a packet containing alternating 1’s and 0’s will continue to
allow the port to detect the traffic on the network, so that the CSMA/CD
network requirements are met. However, the port will correctly record the
invalid data packet received as a CRC error. An end-user attached to an HP
hub implementing Eavesdrop Prevention data security will normally record a
high number of CRC errors on the computer card statistics.

The illustration on the next page shows the use of outbound data security
using Eavesdrop Prevention. This type of data security should be enabled on
any port that is to receive data on a “need to know” basis. The port must have
an authorized MAC address configured and must be connected to only one
end-user.

Eavesdrop Prevention may not be used on cascaded ports, or ports connected
to a network with multiple end users.

In the illustration below, Server 104 is transmitting a packet destined for PC
101. (For illustration purposes, the numbers 101, 102, 103, and 104 are used to
represent 12-digit hexadecimal MAC addresses.) The ports for PC 101 and PC
102 have Eavesdrop Prevention enabled or configured ON. Because PC 101’s
MAC address matches the packet destination address, it receives the packet
unaltered. However, PC 102’s MAC address does not match the packet destination
address and therefore it receives a useless packet (the packet data field
contains a meaningless pattern of alternating 1’s and 0’s). The port for PC 103
does not have Eavesdrop Prevention enabled and therefore PC 103 receives
the packet unaltered from Server 104.
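
The scenario above can be modeled in a few lines. This is an added example, not code from the manual or from HP. The MAC values, the simplified frame layout (destination, source, data, CRC-32) and the choice to overwrite only the data field are assumptions made for illustration.

```python
import zlib

# Constructed MAC addresses standing in for the manual's 101-104 labels.
MAC = {n: bytes.fromhex("02000000%04d" % n) for n in (101, 102, 103, 104)}
BROADCAST = b"\xff" * 6
# Port -> Eavesdrop Prevention setting, as in the manual's illustration.
PORTS = {101: True, 102: True, 103: False}

def build_frame(dst, src, payload):
    """Simplified frame: dst | src | data | CRC-32 over everything before it."""
    body = dst + src + payload
    return body + zlib.crc32(body).to_bytes(4, "little")

def fcs_ok(frame):
    """Receiver-side check: recompute the CRC and compare with the trailer."""
    return zlib.crc32(frame[:-4]).to_bytes(4, "little") == frame[-4:]

def repeat_to_port(frame, authorized_mac, eavesdrop_prevention):
    """Return what one hub port sends to its end node for a given frame."""
    dst = frame[:6]
    group = bool(dst[0] & 0x01)  # multicast/broadcast bit of the first octet
    if not eavesdrop_prevention or group or dst == authorized_mac:
        return frame  # passed through unmodified
    # Assumption: addresses and trailer are kept and only the data field is
    # overwritten with 0xAA (binary 10101010), so the length is unchanged
    # but the stored CRC no longer matches.
    return frame[:12] + b"\xaa" * (len(frame) - 16) + frame[-4:]

def deliver(frame):
    """Map each PC to (frame it receives, whether its CRC check passes)."""
    out = {}
    for pc, enabled in PORTS.items():
        seen = repeat_to_port(frame, MAC[pc], enabled)
        out[pc] = (seen, fcs_ok(seen))
    return out

if __name__ == "__main__":
    frame = build_frame(MAC[101], MAC[104], b"constructed sample data")
    for pc, (seen, ok) in deliver(frame).items():
        state = "unaltered" if seen == frame else "scrambled"
        print(pc, state, "CRC ok" if ok else "CRC error")
```

Run as a script, it reports PC 101 and PC 103 receiving the frame unaltered and PC 102 receiving a same-length frame that fails the CRC check, which is the source of the CRC error counts described earlier.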