Support User Manuals

IBM 8260 Switch User Manual

Open as PDF

of 354

The entire process of eavesdropping protection takes 32 bit-times from the time

the E-SEC card receives the destination address field in the packet.

7.11.2 Configuring the Security Module

To be able to use the security module you must perform the following steps:

1. Assign the security module to the backplane segment on which you want to

use the security feature. The following command is an example of how to

assign the security card, which is mounted on our 10-port 10Base-F module

which is installed in slot 7, to Ethernet_3 segment:

8260A> set module 7.2 network ethernet_3

2. Use the following command to display the current security settings for your

network:

8260A> show security network ethernet_3

This command is necessary to determine the settings of various security

parameters in your network. Figure 77 shows the default security settings

when you first install the E-SEC module in your hub and assign it to a

segment.

 

8260A> show security network ethernet_3

ETHERNET_3 Network Security Configuration

-------------------------------------------------------------------------------

Securing Module: Slot 07.02 Version v1.00

E-SEC: Ethernet Private Line Card

Operational Mode DISABLED

Administrative Mode DISABLED

Auto-learning: ENABLED

Eavesdrop Protection: DISABLED

Intruder Detection: Intruder Actions:

Source Address Checking: DISABLED Intruder Jamming: DISABLED

Source Port Checking: DISABLED Intruder Reporting: DISABLED

Intruder Port Disabling: DISABLED

8260A>

 

Figure 77. Default Security Settings

3. Build the network security address table so it contains information about all

the stations which are authorized to access your network and their

corresponding port. The network security address table can be built

automatically and/or manually. We recommend the following procedure to

build this table:

a. Build the initial table using the auto-learning feature of the E-SEC

module. To do so, you must do the following:

•

Enable auto-learning feature for each port on which you want the

E-SEC card to learn the MAC addresses automatically. You can use

the following example for each port:

8260A> set security port 2.15 auto-learning enable

124 8260 Multiprotocol Intelligent Switching Hub

previous next