IBM 8260 Switch User Manual


 
The entire process of eavesdropping protection takes 32 bit-times from the time
the E-SEC card receives the destination address field in the packet.
7.11.2 Configuring the Security Module
To be able to use the security module you must perform the following steps:
1. Assign the security module to the backplane segment on which you want to
use the security feature. The following command is an example of how to
assign the security card, which is mounted on our 10-port 10Base-F module
which is installed in slot 7, to Ethernet_3 segment:
8260A> set module 7.2 network ethernet_3
2. Use the following command to display the current security settings for your
network:
8260A> show security network ethernet_3
This command is necessary to determine the settings of various security
parameters in your network. Figure 77 shows the default security settings
when you first install the E-SEC module in your hub and assign it to a
segment.
8260A> show security network ethernet_3
ETHERNET_3 Network Security Configuration
-------------------------------------------------------------------------------
Securing Module: Slot 07.02 Version v1.00
E-SEC: Ethernet Private Line Card
Operational Mode DISABLED
Administrative Mode DISABLED
Auto-learning: ENABLED
Eavesdrop Protection: DISABLED
Intruder Detection: Intruder Actions:
Source Address Checking: DISABLED Intruder Jamming: DISABLED
Source Port Checking: DISABLED Intruder Reporting: DISABLED
Intruder Port Disabling: DISABLED
8260A>
Figure 77. Default Security Settings
3. Build the network security address table so it contains information about all
the stations which are authorized to access your network and their
corresponding port. The network security address table can be built
automatically and/or manually. We recommend the following procedure to
build this table:
a. Build the initial table using the auto-learning feature of the E-SEC
module. To do so, you must do the following:
Enable auto-learning feature for each port on which you want the
E-SEC card to learn the MAC addresses automatically. You can use
the following example for each port:
8260A> set security port 2.15 auto-learning enable
124 8260 Multiprotocol Intelligent Switching Hub