[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference netcad::hub_mgnt

Title:DEChub/HUBwatch/PROBEwatch CONFERENCE
Notice:Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7
Moderator:NETCAD::COLELLADT
Created:Wed Nov 13 1991
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:4455
Total number of notes:16761

3271.0. "Disconnect-reconnect flag HUBwatch" by SWAM1::SACHARSKE_LO () Mon Feb 12 1996 17:57

    
    Is there a SNMP set through HUBwatch/PolyCenter which would sense
    and alarm a disconnect-reconnect sequence with a 900TP Ethernet 
    connection?
    
    This has to do with security concerns.
    
    Lou
T.RTitleUserPersonal
Name		DateLines
3271.1I don't think so.NETCAD::GALLAGHERTue Feb 13 1996 09:0019
I'm not sure what you're asking, so I'll use the scatter-gun approach.

There's no HUBwatch alarm for backplane connection/disconnection, or port
connection/disconnection - yet.

The Management Agent Module, however, has a built-in RMON alarm on backplane
connection changed.  A trap is sent whenever the 900TP hops on/off a 
backplane LAN.

The 900TP can also send traps when port media becomes available/unavailable.
The trap is enabled by default.

You only get traps if you've given the device sending the trap an IP address,
and specified one or more trap-sinks (destination IP address for trap
messages).

Can you tell us about the security concern?

						-Shawn
3271.2more details...PHXSS1::POWERS_BRTue Feb 13 1996 18:3712
    
    The customer in this case is looking for the ability to determine
    whenever a device is either disconnected or connected to a given
    network port.  They would like a history display of all connections and
    an immediate flag of some sort to monitor intrusions to the network.
    
    They are also concerned about spoofing and nodes being attached to the
    network in promiscuous mode.
    
    thanks,
    Brian
3271.3NETCAD::GALLAGHERWed Feb 14 1996 09:0723
Most (all?) DECrepeater900's support intrusion protection and eavesdrop
protection.  There are options on what to do in the event of a security
violation (i.e. partition the port).  Intrusion and eavesdrop protection
address your customer's spoofing and promiscuous mode concerns.  HUBwatch 
screens support both forms of repeater security.

Most DECrepeater900's also support RMON Alarms and Events.  By default,
when a 10Base-T repeater port is connected or disconnected, an SNMP trap 
is sent, and a log entry is created in the RMON Log Table.  (The idea 
being that since traps are unreliable, the Log Table should be polled 
regularly.)

Right now, you can't use HUBwatch to modify/create/delete RMON Alarm
and Event entries - which is probably okay in your case since the alarms
are created by default.  Neither can you look at the Log Table through
HUBwatch.  You'll have to use a generic SNMP MIB browser to do that
for now.

Other than the missing HUBwatch RMON support, I think we have a pretty 
good story around security in our repeater products.

						-Shawn