Portable Management Application for the EMM-E6 User’s Guide
Notice Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
Restricted Rights Notice (Applicable to licenses to the United States Government only.) 1. Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013. Cabletron Systems, Inc., 35 Industrial Way, Rochester, New Hampshire 03867-0505. 2. (a) This computer software is submitted with restricted rights.
Contents

Chapter 1 Introduction
  Using the EMM-E6 User’s Guide
  What’s NOT in the EMM-E6 User’s Guide
  Conventions
  Screen Displays

Chapter 3 Alarm Configuration
  Using Alarm Configuration
  Configuring Alarms
  Setting Repeater Alarms
  Setting and Changing Alarms

  Enabling Security and Traps
  Repeater-level Security and Traps
  Module-level Security and Traps
  Port-level Security and Traps
Chapter 1 Introduction How to use the EMM-E6 User’s Guide; manual conventions; contacting the Cabletron Systems Global Call Center; EMM-E6 firmware versions supported by SPMA The EMM-E6 (Ethernet Management Module for Ethernet with six ports) provides intelligence for Cabletron Systems’ Multi-Media Access Center (MMAC) hubs.
Introduction Stand-alone Launcher or the command line (if you are running in stand-alone mode); in addition, several applications can also be accessed from within the Hub View, a graphical display of the EMM-E6 and the hub it is managing. The EMM-E6 User’s Guide describes how to use many of the applications included with the module; note that the instructions provided in this guide apply to the EMM-E6 module regardless of the operating system or management platform you are using.
Introduction • Chapter 8, Front Panel Redundancy, describes how to configure redundancy for the two Channel D EPIM ports on the EMM-E6’s front panel. You can access the Front Panel Redundancy application from the icon menu, the Hub View, or the command line. • Appendix A, EMM-E6 MIB Components, lists the IETF MIBs supported by the EMM-E6, and describes their arrangement in a series of MIB components. A description of the objects controlled by each component is also included.
Introduction NOTE If you are using SPMA in a stand-alone mode or in conjunction with the SunNet Manager or Solstice Enterprise Manager platforms, the RMON option will be available for all appropriate devices whether or not you have purchased the RMON application module. If you are using SPMA in conjunction with HP Network Node Manager or IBM NetView, however, the RMON option will only appear when the module has been purchased and installed.
Introduction graphical interface in use. For the sake of consistency, the following conventions will be followed throughout this and other SPMA guides. Screen Displays SPMA runs under a variety of different operating systems and graphical user interfaces. To maintain a consistent presentation, screen displays in this and other SPMA guides show an OSF/Motif environment. If you’re used to a different GUI, don’t worry; the differences are minor.
Introduction Some windows will also contain a button; selecting this button launches a History window (Figure 1-2) which lists all footer messages that have been displayed since the window was first invoked. This window can help you keep track of management actions you have taken since launching a management application. Figure 1-2. The History Window Using the Mouse The UNIX mouse has three buttons.
Introduction If you’re using a two-button mouse, don’t worry. SPMA doesn’t make use of mouse button 2. Just click the left button for button 1 and the right mouse button when instructed to use mouse button 3. Whenever possible, we will instruct you on which mouse button to employ; however, menu buttons within SPMA applications will operate according to the convention employed by the active windowing system.
Modem Setting 8N1: 8 data bits, 1 stop bit, No parity

For additional information about Cabletron Systems products, visit our World Wide Web site: http://www.cabletron.com/. For technical support, select Service and Support.

EMM-E6 Firmware

SPMA for the EMM-E6 has been tested against firmware versions 3.22.01; if you have an earlier version of firmware and experience problems running SPMA, contact the Cabletron Systems Global Call Center for upgrade information.
Chapter 2 Using the EMM-E6 Hub View Navigating through the Hub View; monitoring hub performance; managing the hub The heart of the SPECTRUM Portable Management Application (SPMA) for the EMM-E6 is the Hub View, a graphical interface that gives you access to many of the functions that provide control over the EMM-E6-managed hub.
Using the EMM-E6 Hub View Navigating Through the Hub View Within the Hub View, you can click mouse buttons in different areas of the window to access various menus and initiate certain management tasks. The following diagrams describe the information displayed in the Hub View and show you how to use the mouse to display the Device, Network, Module, and Port menus.
Using the EMM-E6 Hub View Contact Status is a color code that shows the status of the connection between SPMA and the device: • Green means a valid connection. • Blue means that SPMA is trying to reach the device but doesn’t yet know if the connection will be successful. • Red means that SPMA is unable to contact or has lost contact with the device. Uptime The time that the device has been running without interruption.
Using the EMM-E6 Hub View Figure 2-2.
If you need to call the Cabletron Systems Global Call Center about a problem with the Hub View application, you’ll need the information provided in the Info window:
• SPMA for the EMM-E6 application version
• EMM-E6 firmware revision, firmware boot prom version, and hardware version

Figure 2-3.
Using the EMM-E6 Hub View EMM-E6 Menu BRIM Ports BRIM ports E and F will display status colors (green for ON, blue for OFF) for any installed BRIM modules, along with the BRIM type (FDDI, WAN, etc.). Click mouse button 3 on the Module Type box to access the EMM-E6 menu; drag right to select Logical, which displays the EMM-E6 bridge ports with their logical names (A, B, C, D, E, and F); or Interface Number, which displays the port names numerically (1, 2, 3, 4, 5, and 6).
Using the EMM-E6 Hub View NOTE Depending on the version of firmware installed in your EMM-E6, certain MIMs either may not display at all, or may display with the message “No Mgt” in the Port Display Form box. For more information about the specific capabilities of different versions of EMM-E6 firmware, contact the Cabletron Systems Global Call Center. Module Type Click button 1 to open the Module Status window. Click button 3 to display the Module menu.
Using the EMM-E6 Hub View • Green indicates that the port is active; that is, the port has been enabled by management, has a valid Link signal (if applicable), and is able to communicate with the station at the other end of the port’s cable segment. Note that an AUI or transceiver port will display as active as long as it has been enabled by management, even if no cable is connected. • Blue indicates that the port has been disabled through management.
Figure 2-6. The EMM-E6’s Device, Network, Module, and Port Menus

Hub performance data available through these menus includes:
• Device, Network, Module, and Port status descriptions.
• Network, Module, and Port statistics, which provide a complete breakdown of packet activity.
• Network-, Module-, and Port-level pie charts, graphs, and meters, for a graphic representation of the types and levels of traffic passing through the hub.
Using the EMM-E6 Hub View Changing the port display form via the Device menu will affect all manageable ports in the hub; using the Network menu will affect all ports on a specific channel, or network; and using the Module menu will affect all ports on the appropriate module.
Using the EMM-E6 Hub View • OOW (Out-of-Window) Collisions For error type descriptions, see Checking Statistics on page 2-20. Protocols Displays a percentage for each active port that represents what portion of that port’s traffic is of a particular protocol type.
- SEG (Segmented) indicates that the port has been segmented by the repeater due to an excessive collision level.
Using the EMM-E6 Hub View Checking Device Status and Updating Front Panel Info The Device Status window is where you change the information displayed on the Hub View Front Panel and where you can see summary information about the current state of the hub. To open the Device Status window: 1. Click on to display the Device menu. 2. Drag down to Status and release. Figure 2-7. EMM-E6 Device Status Window Name and Location These text fields help identify this EMM-E6.
Using the EMM-E6 Hub View NOTE If your device firmware can accept four-digit year values, the Date field will allow you to enter the year portion in one-, two-, or four-digit format. If you choose to enter one or two digits for the year, any value greater than or equal to 88 will be presumed to be in the 1900s; a value of 87 or less is presumed to be in the 2000s. No matter which entry format you choose, the year will still be displayed and set as a four-digit value.
Using the EMM-E6 Hub View or Click mouse button 3 on the appropriate Network Connection box to open the Network menu. 2. Drag down to Status and release. Figure 2-8. EMM-E6 Network Status window Note that the information in the Network Status window applies to all MIMs connected to the selected channel, regardless of which MIM display was used to access the window. The name of the selected channel (A, B, or C) is displayed in the window title.
Using the EMM-E6 Hub View Checking Module Status You can open a Module Status window for any manageable module in the EMM-E6-controlled hub. To open the Module Status window: 1. Click button 1 in the Module Type box. or Click button 3 in the Module Index, Module Type, or Port Display Form box to display the Module menu. 2. Drag down to Status and release. Figure 2-9.
Using the EMM-E6 Hub View Checking Port Status You can open a Port Status window for any port on any manageable module installed in the hub. To open the Port Status window: 1. Click button 3 in the Port Index or Port Status box to display the Port menu. 2. Drag down to Status and release. Figure 2-10.
• Not Supported — The selected port does not support the Link feature, so the EMM-E6 cannot determine link status; this value will show only for thin coax (BNC), AUI, or transceiver ports.
Using the EMM-E6 Hub View • • • • • • • • AUI EPIM Transceiver Port AUI EPIM Twisted Pair: RJ45 EPIM Multi-Mode Fiber: SMA EPIM Multi-Mode Fiber: ST EPIM Single-Mode Fiber: ST EPIM Hardwired AUI EPIM Unknown (for boards that don’t support media type) Topology Type Indicates how the port is being used. The available types are: NOTE • Station—The port is receiving packets from no devices, from a single device, or from two devices.
Using the EMM-E6 Hub View To view the IP Address Table: 1. Click on to access the Device menu. 2. Drag down to IP Address Table and release. Figure 2-11. EMM-E6 IP Address Table Note that the I/F Description for the highlighted interface is repeated in the text box at the bottom of the window; this allows for the complete display of the description, which may be truncated in the main window.
Using the EMM-E6 Hub View To view hub statistics at the Network, Module, or Port levels: 1. Display the Network, Module, or Port menu by clicking mouse button 3 in the appropriate area (refer to Figure 2-5, page 2-7). 2. Drag down to Statistics and then right to either General/Errors or Protocols/Frames, and release. Figure 2-12.
NOTE Unless you close, then re-open, a window or use the Reset button, statistical counters will continue to increment until a value of 2^32-1 (approximately 4 billion) is reached, at which point they will roll over and restart at 0.
Using the EMM-E6 Hub View “legal” collisions, as opposed to the OOW collisions described below) are a natural by-product of a busy network; if you are experiencing high numbers of collisions, it may be time to redirect network traffic by using bridges or routers. Extremely high collision rates can also indicate a data loop (redundant connections) or a hardware problem (some station transmitting without listening first).
Using the EMM-E6 Hub View Runt Frames The total number of received packets smaller than the minimum Ethernet frame size of 64 bytes (excluding preamble). This minimum size is tied to the maximum propagation time of an Ethernet network segment — the maximum propagation time is 51.2 µs, and it takes approximately 51.
Using the EMM-E6 Hub View NOTE For more detailed information about error statistics and the possible network conditions they represent, consult the Cabletron Systems Network Troubleshooting Guide, included with this package.
Using the EMM-E6 Hub View Figure 2-13. Port Source Address List The Source Address List window displays the MAC addresses of all devices that have transmitted packets through the selected port within a time period less than the SAT’s defined aging time (addresses that have not transmitted a packet during one complete cycle of the aging timer will be purged). The Aging Time is user-configurable; see Setting the Aging Time in Chapter 6 for more information.
Using the EMM-E6 Hub View NOTE The snapshots of the Source Address List that you can obtain via this feature do not reflect the current port security status of the SAT — that is, when Source Address Locking is enabled, you can still observe addresses being aged out of the table and new addresses being added as you refresh the Source Address List displayed in this window.
Using the EMM-E6 Hub View Figure 2-14. EMM-E6 Polling Intervals 3. To activate the desired polling, click mouse button 1 on the selection box to the right of each polling type field. 4. To change a polling interval, highlight the value you would like to change, and enter a new value in seconds. Note that the Use Defaults option must not be selected, or values will revert back to default levels when you click on , and your changes will be ignored. 5.
Using the EMM-E6 Hub View Device Configuration This polling interval controls how often a survey is conducted of the type of equipment installed in the EMM-E6-managed hub; information from this poll would change the Hub View to reflect the addition and/or removal of a MIM or MIMs. Port Operational State This polling interval controls the update of the information displayed in the Port Status boxes for each port in the hub.
Using the EMM-E6 Hub View Configuring RIC MIM Connections Because each RIC MIM repeats packets independently, you can insert it into the network via backplane channels B or C, or isolate it to act as a self-contained network. To change a RIC MIM’s channel assignment: 1. Click mouse button 3 in the appropriate area to display the Network menu (refer to Figure 2-5, page 2-7).
Using the EMM-E6 Hub View mode. When configured to operate on channels B or C, the TPXMIM provides its own repeating; when operating on Channel A, its ports depend on the EMM-E6 for repeater functionality. All TPXMIM ports default to channel B when first installed. To configure FNB connectivity for the board as a whole: 1. Click mouse button 3 in the appropriate area to display the Network menu (refer to Figure 2-5, page 2-7).
Using the EMM-E6 Hub View NOTE To place only selected ports in stand-alone mode, you must configure all other ports so that they are connected to Channel A; those ports will remain connected to Channel A when stand-alone mode is implemented, and only those ports connected to channels B or C will be put in stand-alone.
Using the EMM-E6 Hub View TIP Older versions of EMM-E6 firmware (revision levels previous to 2.00.16) use slightly different definitions of station and trunk status: station ports are defined as those which are detecting no source addresses or only a single source address; trunk ports are those detecting two or more.
Using the EMM-E6 Hub View NOTE If you use the Trunk Type option on the Port menu to manually change a port’s topology status from Force Trunk to Not Forced, any status change from trunk to station will not be reflected in the port display until the current cycle of the Source Address timer is complete. See Chapter 6, Source Addressing, for more information on the timer.
Chapter 3 Alarm Configuration Using Alarm Configuration; setting repeater alarm configuration; setting port and module alarm configuration Alarms work in conjunction with your network management system to let you know when defined thresholds have been reached. You define the conditions that will trigger an alarm using the Alarm Configuration application. The EMM-E6 monitors activity and reports to your network management station, in the form of a trap, when a defined threshold is reached.
Alarm Configuration Using Alarm Configuration To open the Alarms window from the icon: 1. Click on the appropriate EMM-E6 icon to display the icon menu. 2. Drag down to Alarm Configuration and release. from the Hub View: 1. In the Hub View, click on to display the Device menu. 2. Drag down to Alarm Configuration and release to open the Repeater Alarms window. from the command line (stand-alone mode): 1.
Alarm Configuration Configuring Alarms While configuring alarms for your EMM-E6 you must set the threshold and timebase that will factor in triggering the alarm. From the repeater alarms window you set an alarm timebase that applies to all enabled alarms at the repeater, module and port level; this timebase is the interval (in seconds) over which the selected variable(s) will be counted for comparison to the threshold values.
Alignment
If this check box is selected, all misaligned packets will be included in calculating the overall percentage of errors. A misaligned packet is one with a non-integral number of bytes; these are also sometimes referred to as framing errors.

Runts
If this check box is selected, the number of runt packets will be included in calculating the overall percentage of errors. A runt packet is one that is less than the minimum Ethernet frame size of 64 bytes.
Setting and Changing Alarms

1. In the Alarms window, click mouse button 1 on a repeater selection in the scroll list.
2. Click mouse button 1 on to open the Set Repeater Alarms window.

Figure 3-2. Set Repeater Alarms Window

3. In the Set Repeater Alarms window, select one of the alarm types: Collisions, Errors, Traffic, or Broadcast. If you select Errors, the Mask check boxes become active and you can select all or just some of the five different error types.
Alarm Configuration NOTE The Timebase applies to all enabled alarms, port-level and module-level alarms as well as repeater-level alarms. The Timebase appears in each alarms window — repeater, module, and port — but you can only edit it in the Repeater Alarms window. Since alarm condition samples are taken at the end of the defined timebase interval, alarm conditions which occur over the span of two timebase intervals will not be detected even if the threshold is crossed within the defined timebase.
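The sampling gap this note describes, shown as an added example (not code from Cabletron or SPMA): the same burst is counted once in back-to-back timebase intervals and once in a sliding window of the same length. Assumptions: the threshold is a raw event count compared with >= at the end of each interval, and the per-second counts are constructed sample data.

```python
"""Fixed-timebase alarm sampling compared with a sliding window.

Added illustration; the event counts below are constructed, and the
"count >= threshold at interval end" rule is an assumption based on the
NOTE above, not the EMM-E6 firmware's documented algorithm.
"""
from collections import deque


def fixed_window_alarms(events_per_sec, timebase, threshold):
    """Total the events in back-to-back intervals of `timebase` seconds and
    compare each total to the threshold when the interval ends.

    Returns a list of (interval_start_second, count, alarm_fired).
    A trailing partial interval is totalled like the others.
    """
    results = []
    for start in range(0, len(events_per_sec), timebase):
        count = sum(events_per_sec[start:start + timebase])
        results.append((start, count, count >= threshold))
    return results


def sliding_window_peak(events_per_sec, timebase):
    """Largest event total seen in ANY run of `timebase` consecutive seconds."""
    window = deque()
    total = 0
    peak = 0
    for n in events_per_sec:
        window.append(n)
        total += n
        if len(window) > timebase:
            total -= window.popleft()
        peak = max(peak, total)
    return peak


def alarm_missed(events_per_sec, timebase, threshold):
    """True when traffic crossed the threshold inside some timebase-long span
    but no fixed interval total reached it, so no trap would be sent."""
    fired = any(f for _, _, f in
                fixed_window_alarms(events_per_sec, timebase, threshold))
    crossed = sliding_window_peak(events_per_sec, timebase) >= threshold
    return crossed and not fired


def safe_threshold(burst_size):
    """Highest threshold that still catches a burst of `burst_size` events
    lasting no longer than one timebase.

    Such a burst touches at most two adjacent intervals, so one of them
    holds at least half of it (rounded up).
    """
    return (burst_size + 1) // 2


TIMEBASE = 10      # seconds (constructed value)
THRESHOLD = 100    # events per timebase (constructed value)

# Constructed data: 120 collisions in four seconds, straddling the
# boundary between interval [0, 10) and interval [10, 20).
STRADDLING = [0] * 30
for sec in (8, 9, 10, 11):
    STRADDLING[sec] = 30

# Same burst, shifted so it falls entirely inside interval [10, 20).
ALIGNED = [0] * 30
for sec in (10, 11, 12, 13):
    ALIGNED[sec] = 30


if __name__ == "__main__":
    for name, data in (("straddling", STRADDLING), ("aligned", ALIGNED)):
        print(name)
        for start, count, fired in fixed_window_alarms(data, TIMEBASE, THRESHOLD):
            print(f"  interval {start:2d}-{start + TIMEBASE - 1:2d}: "
                  f"{count:3d} events, alarm={fired}")
        print("  sliding peak:", sliding_window_peak(data, TIMEBASE))
        print("  missed:", alarm_missed(data, TIMEBASE, THRESHOLD))
    print("threshold that catches a 120-event burst:", safe_threshold(120))
```

When choosing a threshold for a condition you need to be trapped on, size it to half the burst you care about rather than the whole burst, since the device may split that burst across two intervals.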
Alarm Configuration Figure 3-3. Set Module Alarms Window 3. Select one or more modules in the scroll list. To apply one set of conditions to all modules, you can either select each module in the list or use the Set Alarm For box at the bottom of the window to choose either Selected Modules, which applies the conditions to the modules you selected in the module list, or All Modules, which applies the conditions to all modules in the hub network. 4.
Alarm Configuration 7. If you select Yes for Disable Module on Alarm, the defined condition will cause the device to disable the module. NOTE If a module is disabled by an alarm, you must manually re-enable the module before it can again pass traffic. Resetting the device does not re-enable the module. 8. Click mouse button 1 on . Setting Port Alarms 1. In the Alarms window, click mouse button 1 on a repeater selection in the scroll list. 2. Click mouse button 1 on to open the Set Port Alarms window.
Alarm Configuration 3. Select one or more ports in the scroll list. To apply one set of conditions to all ports, you can either select each port in the list or use the Set Alarm For box at the bottom of the window to choose either Selected Ports, which applies the conditions to the ports you selected in the port list, or All Ports on Repeater, which applies the conditions to all the ports on the repeater, or All Ports on Module, which applies the conditions to all the ports on the module. 4.
Chapter 4 Link/Seg Traps What are Link and Segmentation traps; enabling and disabling these traps at the device, module, and port levels Among the traps which Cabletron devices are designed to generate are traps that indicate when a repeater port gains or loses a link signal, when the repeater segments (disconnects) a port due to collision activity, and when a segmented port becomes active again.
Link/Seg Traps NOTE Unterminated BNC (thin coax) ports appear in the Hub View as segmented ports. When you attach a thin coax cable or a 50 Ω terminator to a port, the repeater generates a portUnsegmenting trap; when you remove the cable or terminator, the repeater generates a portSegmenting trap. Note also that devices at both ends of the cable will generate the portUnsegmenting and portSegmenting traps, even if only one end of the cable has been disconnected.
from the Hub View:
1. Click on to display the Device menu.
2. Drag down to Link/Seg Traps and release.

from the command line (stand-alone mode):
1. From the appropriate directory, type

   spmarun r4hwtr

NOTES The spmarun script invoked first in the above command temporarily sets the environment variables SPMA needs to operate; be sure to use this command any time you launch an application from the command line.
Configuring Link/Seg Traps for the Repeater

To enable or disable Link and Segmentation traps for all ports on a repeater:
1. In the Repeater Link/Seg Traps window, click mouse button 1 on the repeater interface for which you would like to configure link and segmentation traps.
2. Click mouse button 1 on ; the Channel X Link/Seg Traps window, Figure 4-2, will appear.

Figure 4-2. Channel X Link/Seg Traps Window

3.
Link/Seg Traps Figure 4-3. The Module Traps Window 3. In the Module Traps window, click mouse button 1 to select the module for which you wish to configure link and segmentation traps. If the Set Trap Status For field displays Selected Modules (the default setting), you can click to select any modules; to de-select any highlighted module, click on it again.
Viewing and Configuring Link/Seg Traps for Ports

To enable or disable Link and Segmentation traps for individual ports:
1. In the Repeater Link/Seg Traps window, select a repeater in the scroll list.
2. Click mouse button 1 on ; the port traps window, Figure 4-4, will appear.

Figure 4-4. The Port Traps Window

3. In the port traps window, click mouse button 1 to select the port or ports for which you wish to configure traps.
Link/Seg Traps 5. Click on the appropriate selection in the Segmenting Traps field to Enable or Disable segmenting traps, as desired. 6. Click on window.
Chapter 5 Repeater Redundancy This chapter describes how to configure and enable redundant circuits Setting Network Circuit Redundancy The redundancy application gives you the ability to define redundant circuits for your EMM-E6 to ensure that critical network connections remain operational. Each circuit has a designated primary port and one or more backup ports.
from the command line (stand-alone mode)
1. From the appropriate directory, type:

   spmarun r4red

NOTES The spmarun script invoked first in the above command temporarily sets the environment variables SPMA needs to operate; be sure to use this command any time you launch an application from the command line. The script is automatically invoked when you launch the application from the icon menu or from within the Hub View.
Repeater Redundancy Figure 5-2. The Channel X Redundancy Window 2. If you want to change a circuit’s name or the number of retries, highlight the appropriate circuit and click . The Change Circuit window, Figure 5-3, will appear. Figure 5-3.
Repeater Redundancy In the appropriate boxes, enter a new circuit name (up to 16 alphanumeric characters) and/or number of retries; Retries is the number of times the EMM-E6 tests the connection to the first IP address listed in the Circuit Addresses window before it gives up and moves on to the next address. The valid range of retries you can enter into this field is 0-16. Be sure to click on before exiting the window to save your changes. 3.
Repeater Redundancy 5. By default, all ports are created as Inactive Backup ports. You should set one port to be the Primary port and one port to be the Active port. Typically, the same port is both Primary and Active but this is not required. To select primary and active ports, click button 1 on a port to highlight it then click ; select the same or another port and click .
Repeater Redundancy Monitoring Redundancy Once you have configured your redundant circuits, you can use the fields in the All Circuits box to set the parameters that the EMM-E6 uses to periodically test each of the circuits. The EMM-E6 automatically polls all enabled circuits through the Primary port and all Backup ports at the time specified in the Test Time box. If the first poll fails (results in a no link condition with all of the circuit IP addresses), the EMM-E6 checks the circuit’s Retries field.
Chapter 6 Source Addressing Displaying the Source Address list; setting the Aging Time; selecting the Hash Type; effects of Source Address Locking; configuring Source Address traps; finding a Source Address Displaying the Source Address List The Source Address List, or Table (SAT), contains the MAC address and its associated vendor name for each device communicating through a port in the EMM-E6-controlled hub.
Source Addressing NOTES The spmarun script invoked first in the above command temporarily sets the environment variables SPMA needs to operate; be sure to use this command any time you launch an application from the command line. This script is automatically invoked when you launch an application from the icon menu or from within the Hub View. If you wish to change any Source Address settings, be sure to use a community name with at least Read/Write access.
Source Addressing To view the source address list for the device, highlight the interface for which you wish to view the SAT, then click mouse button 1 on ; the Source Address List window, Figure 6-2, will appear. Figure 6-2.
Source Addressing NOTE The snapshots of the Source Address List that you can obtain via this feature do not reflect the current port security status of the SAT — that is, when Source Address Locking is enabled, you can still observe addresses being aged out of the table and new addresses being added as you refresh the Source Address List displayed in this window.
2. Click mouse button 1 on ; the Channel X Source Address List window, Figure 6-2 (page 6-3), will appear.
3. In the Hash Type field, click mouse button 1 on the appropriate selection to apply Dec or nonDec hashing to all ports on the selected repeater channel.
4. Click mouse button 1 on to save your changes; click on to exit the window.

NOTE If your EMM-E6 firmware does not support the Hash Type feature, this field will be unavailable.
Source Addressing NOTE Remember, you must have SuperUser (SU) access to the device in order to lock or unlock ports.
Source Addressing • A port’s topology status (station or trunk) remains fixed while locking is in effect, even if the number of detected addresses changes. • Any ports disabled due to a violation (or because they were unlinked when locking was enabled) must be manually re-enabled via their Port menus, and • There are no additional Security features available. If you are not sure which set of port locking features your device firmware supports, contact the Cabletron Systems Global Call Center.
Source Addressing Other traps that will be sent in response to changes in source addressing (even when the above traps have been disabled) include: • PortTypeChanged traps are issued when a port’s topology status changes from station to trunk, or vice versa. The interesting information includes the board and port index, and the port’s new topology status.
Source Addressing Module- and Port-level Traps To set module- and port-level source addressing traps, select the appropriate channel in the Repeater Source Address window, then click on to enable and disable module-level traps, or on to enable and disable port-level traps. NOTE It is not necessary to close the Source Address List before launching the module and port traps windows; just move the Source Address List window out of the way, if necessary, to reach the main Repeater Source Address window.
Source Addressing Figure 6-3. The Module Source Address Traps Window To enable or disable port-level traps: 1. In the Port Source Address Traps window (Figure 6-4, below), click mouse button 1 to select the port or ports for which you wish to enable or disable traps. If the Set Trap Status For field displays Selected Ports (the default setting), you can click to select any ports; to de-select any highlighted port, click on it again.
Source Addressing Figure 6-4. The Port Source Address Traps Window 2. Click on the appropriate selection in the Trap Status field to enable or disable traps for the selected port(s), as desired. 3. Click on to save your changes. Finding a Source Address You can use the button to locate a source address in the list by the module and port through which it is communicating with the EMM-E6. This feature is especially useful when your device is very busy and your source address table is quite large.
Source Addressing Figure 6-5. Find Source Address Window 2. In the MAC Address field, enter the source address you wish to locate in a hexadecimal (XX:XX:XX:XX:XX:XX) format. 3. Click on . If the address is in the table at the time the search is initiated, the remaining fields in the window will display the module and port through which the address is communicating with the EMM-E6. If the address is not in the table, the message MAC Address Not Found will display in the window. See Figure 6-6, below.
Chapter 7
Security
Launching the Security application; LANVIEWSECURE defined; configuring security; enabling security and traps at the repeater, module, and port levels; security on non-LANVIEWSECURE MIMs
The Security application allows you to configure and manage the LANVIEWSECURE feature incorporated into the new generation of Cabletron’s repeater family of MIMs: the TPRMIM-xxS, FORMIM-xxS, CXRMIM-S, and TPXMIM-xxS.
from the command line (stand-alone mode):
1. From the appropriate directory, type spmarun r4sec
NOTES
The spmarun script invoked first in the above command temporarily sets the environment variables SPMA needs to operate; be sure to use this command any time you launch an application from the command line. This script is automatically invoked when you launch an application from the icon menu or from within the Hub View.
When the LANVIEWSECURE feature is enabled, it provides two kinds of protection: intruder protection will prevent any unauthorized source addresses from communicating with the network via a secure port, and can be configured to secure both station and trunk ports; eavesdropper protection scrambles the data portion of any packet transmitted via a secure port to all but the destination port, and can be extended to broadcast and multicast packets as well as packets destined for a single address.
TIP
If your EMM-E6 is running firmware more recent than 2.00.16 and previous to 3.11.xx, you will not have the ability to force a port to unsecurable status; however, for firmware versions in that range, ports which have been forced to trunk status will not be locked, so you can use the force trunk feature — available from the Hub View port menus — to render a port unsecurable if you wish.
Forced non-secure status
With the original version of LANVIEWSECURE, all ports except those which had been forced to trunk status could be locked, and would be locked automatically if locking were enabled at the repeater or module level.
Configurable violation response
You can still choose to allow ports to remain enabled even after an unsecured address has attempted to access a locked port. If you choose not to disable a port which has experienced a violation, however, the port’s only response to an intruder will be to issue a trap after the first violation; all packets, regardless of source address, will be allowed to pass.
Figure 7-2. Channel X Port Security Window
The top portion of the window contains a list box which displays each port communicating on the selected channel, designated by module and port number. Each port’s current Lock Status, violation response, Security Level, and Trap status is also displayed.
2. In the On Violation field, click to select disable if you want the port or ports to be disabled if any unauthorized source address is detected, or select noDisable if you wish the port to remain operational after a violation. Note that selecting the noDisable option effectively removes intruder protection from the selected ports: a trap will be sent after the first violation, but all packets, regardless of source address, will be allowed to pass.
Figure 7-3. The Addresses Window
3. On the left side of the window, the Learned Addresses list box will display all source addresses detected by the selected port during the last aging interval (see Chapter 6, Source Address, for more information on the aging interval). On the right side of the window, the Secure Addresses list box will display the source addresses which have been secured for that port.
Figure 7-4. Add MAC Address Window
d. Enter the desired MAC address in an xx:xx:xx:xx:xx:xx format, then click on . A confirmation window will appear; if you click on Yes to secure the address, it will appear in the Secure Addresses list box.
4. To secure addresses for additional ports, click to select the desired port in the Channel X Port Security window; the Addresses window will automatically display the Learned and Secure addresses for the new port.
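The effect of the On Violation setting described above can be seen by replaying the same traffic through a locked port in each mode. This is an added illustration, not Cabletron code: LockedPort, replay, compare_modes and the sample MAC addresses are constructed, and it assumes that traps are enabled for the port, that disable mode also issues a trap, and that the violating frame itself is dropped when the port is disabled.

```python
from dataclasses import dataclass, field


@dataclass
class LockedPort:
    """Toy model of one locked port (hypothetical names; not SPMA or firmware code)."""
    secure_addresses: set
    on_violation: str = "disable"   # "disable" or "noDisable", as in the On Violation field
    enabled: bool = True
    traps: list = field(default_factory=list)

    def receive(self, src_mac):
        """Return True if a frame from src_mac is passed on to the network."""
        src = src_mac.lower()
        if not self.enabled:
            return False                    # a disabled port passes nothing
        if src in self.secure_addresses:
            return True                     # secured address: no violation
        if not self.traps:                  # a trap is sent after the first violation only
            self.traps.append(src)
        if self.on_violation == "disable":
            self.enabled = False            # assumption: the violating frame is dropped too
            return False
        return True                         # noDisable: the frame passes despite the violation


def replay(port, frames):
    """Feed source addresses through the port; return those that got through."""
    return [mac for mac in frames if port.receive(mac)]


# Constructed sample traffic: the secured station, an unknown address twice,
# then the secured station again.
SECURED = {"02:00:00:00:00:01"}
FRAMES = ["02:00:00:00:00:01", "02:00:00:00:00:99",
          "02:00:00:00:00:99", "02:00:00:00:00:01"]


def compare_modes():
    """Run the same traffic through a port locked in each On Violation mode."""
    results = {}
    for mode in ("disable", "noDisable"):
        port = LockedPort(set(SECURED), on_violation=mode)
        passed = replay(port, FRAMES)
        results[mode] = {"passed": passed, "enabled": port.enabled,
                         "traps": len(port.traps)}
    return results


if __name__ == "__main__":
    for mode, result in compare_modes().items():
        print(mode, result)
```

In this model the disable port stops the unknown address but also cuts off the secured station until the port is re-enabled, while the noDisable port passes every frame and leaves a single trap as the only record of the intrusion.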
Resetting Learned Addresses
You can clear all learned and secured addresses out of a port’s address table, and allow that port to begin learning (and securing) new addresses, as follows:
1. In the Repeater Security window, click mouse button 1 on the repeater interface for which you would like to reset learned addresses.
2. Click mouse button 1 on , , or to open the appropriate window.
3.
transmitted clean to all ports on that channel unless security has been enabled there, too. Packets bridged to Channel A will always be transmitted clean to all ports, regardless of lock status; however, careful bridge configuration and prudent use of each port’s forwarding and blocking abilities can provide some measure of security in this case.
• A newSourceAddress trap is generated when a station port — one receiving packets from zero, one, or two source addresses — receives a packet from a source address that is not currently in its source address table. Information included in this trap includes the board number, port number, and source address associated with the trap. Trunk ports — those receiving packets from three or more source addresses — will not issue newSourceAddress traps.
Repeater-level Security and Traps
Locking ports at the repeater, or channel, level applies all applicable security (as configured via the Port Security window) to every port on the channel.
NOTE
If you select a repeater whose ports have different security capabilities, you may still be able to select and apply security states which are not applicable to all ports.
5. Click mouse button 1 on to save your changes; the new status will be displayed in each field to the right of the field name. Click on to exit the window.
Module-level Security and Traps
Locking ports at the module level applies all applicable protections (as configured via the Port Security window) to each port on the selected module or modules.
Figure 7-6. Channel X Module Security Window
3. Use the Set Security For field or the mouse to select the module or modules for which you wish to configure security (note that the settings in the Set Security For field will change automatically as you click to select or de-select modules).
4. In the Security Mode field, click mouse button 1 on the appropriate selection to apply Full or Continuous lock status to all ports on the selected modules, or to Unlock all ports on the modules.
Port-level Security and Traps
To enable or disable security and/or traps at the port level:
1. In the Repeater Security window, click to select the desired repeater interface, or channel, in the scroll list.
2. Click ; the Channel X Port Security window, Figure 7-7, will appear.
Figure 7-7. Channel X Port Security Window
NOTE
For information on configuring security level, violation response, and secure addresses, see Configuring Security, page 7-6.
4. In the Security Mode field, click mouse button 1 on the appropriate selection to apply Full or Continuous lock status to the selected port(s), or to Unlock selected ports. (Note that if your EMM-E6 does not support the newest security enhancements, or if the group of ports you have selected includes one on a non-LANVIEWSECURE MIM, the Continuous selection will be unavailable.)
5. Click on the appropriate selection in the Send Trap field to Enable or Disable traps for the selected port(s).
6.
Chapter 8
Front Panel Redundancy
This chapter describes setting up front panel redundancy
Setting Front Panel Redundancy
When you configure front panel redundancy, you designate one of the EMM-E6’s redundant front panel ports as the active port and the other port as the backup. Once a redundancy scheme has been defined and enabled, the EMM-E6 monitors the active port’s connection to up to three designated IP addresses.
NOTES
The spmarun script invoked first in the above command temporarily sets the environment variables SPMA needs to operate; be sure to use this command any time you launch an application from the command line. This script is automatically invoked when you launch an application from the icon menu or from within the Hub View.
If you wish to configure a redundant circuit, be sure to use a community name with at least Read/Write access.
1. Use mouse button 1 to highlight a port, either AUI #1 or AUI #2.
2. Click on to access the Add Circuit Address window, Figure 8-2.
Figure 8-2. Add Circuit Address Window
3. In the Add Circuit Address window, enter the IP Address of a network device and then click . Once the circuit is enabled, the device monitors its link with the specified IP address.
Appendix A
EMM-E6 MIB Structure
EMM-E6 management information base configuration
IETF MIB Support
In addition to its proprietary features, the EMM-E6 currently supports the following IETF MIBs:
• RFC 1213 MIB for Network Management of TCP/IP-based Internets: MIB-II
• RFC 1271 Remote Network Monitoring MIB
• RFC 1493 Definitions of Managed Objects for Bridges
EMM-E6 MIB Structure
Cabletron’s newer intelligent devices — like the EMM-E6 — organize MIB data into a series of “components.
MIB Components
The EMM-E6 MIB components are described below. Note, however, that at any given time the component list displayed by your EMM-E6 may not include some of the components described below, since the EMM-E6 has the ability to alter the components which make up its MIB in response to changes in the chassis.
Repeater One, Repeater Two, and Repeater Three
The Repeater MIB components control all repeater functionality on the EMM-E6’s three internal repeater channels: A, B, and C. These functions include port count, port enable/disable, port status, board number, repeater statistics (packets, bytes, collisions, errors, etc.), protocol counts, and frame sizes; also included are the alarm, redundancy, source addressing, and trap functions.
Distributed LAN Monitor
The Distributed LAN Monitor, or DLM, MIB component is a proprietary feature that allows you to delegate a management station’s polling responsibilities to one or more strategically placed “smart hub” devices — like an EMM-E6 — on your network, reducing overall network SNMP traffic by reducing the number of devices reporting directly to your management station.
A Brief Word About MIB Components and Community Names
As mentioned above, the arrangement of the EMM-E6’s MIB into a series of components provides a tremendous amount of flexibility in controlling access to the EMM-E6’s configuration and statistical information, since each MIB component can have its own unique set of community names, and each can be individually enabled and disabled depending on your management needs (see the Community Names chapter in the SPMA Tools Guide for more inf