station attached to that port. The transmission of the jammed packet will last the
same length of time as the original data packet. Stations that receive a jammed
packet will discard it because the CRC (Cyclic Redundancy Check) field of the
packet is incorrect.
To perform intrusion control, the E-SEC card must perform the following:
1. Determine the source address of the station transmitting the data. This
means that the transmitting station must be allowed to transmit the following
portions of the Ethernet packet:
•
Preamble (56 bits)
•
Starting delimiter (8 bits)
•
Destination address (48 bits)
•
Source address (48 bits)
2. Once the source address of the transmitting station is determined, the E-SEC
card will search the network security address table to see if the station is
authorized to transmit on that port. The time to search the network security
address table is equivalent to 11 bit-times.
3. The E-SEC card will send the security message (pass or jam) to all the 8260
ports which are attached to that segment. It takes 16 bit-times for the E-SEC
card to send this message.
4. The media module will process the security message and start jamming or
passing the packet. This process takes 8 bit-times.
As can be seen, from the time that the source address of the frame is seen by
the E-SEC card, it takes 35 bit-times to start jamming or passing the packets.
This means that the transmitting station will be able to send 35 bits of the packet
from the end of source address to the stations before the jamming process can
stop an unauthorized station. This 35 bits includes 16 bits of type/length field
and 19 bits of user data.
7.11.1.2 Eavesdropping Protection
To perform eavesdropping protection, the E-SEC card must perform the
following:
1. Determine the destination address of the station transmitting the data. This
means that the transmitting station must be allowed to transmit the following
portions of the Ethernet packet:
•
Preamble (56 bits)
•
Starting delimiter (8 bits)
•
Destination address (48 bits)
2. As soon as the E-SEC card receives the destination address within the
packet, it searches the network security address table to determine the port
to which the intended recipient is connected. This process takes 8 bit-times.
3. The E-SEC module transmits security messages to media modules attached
to that segment protected by the E-SEC card, to instruct them to jam all the
ports except the port to which the destination station is attached. This
process takes 16 bit-times.
4. The media modules will process the security message and jam or pass the
packet. This process takes 8 bit-times.
Chapter 7. 8260 Ethernet Modules 123