Cabletron Systems LANVIEWsecure User Manual

LANVIEWsecure USER’S GUIDE
NOTICE
Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made.
The hardware, firmware, or software described in this manual is subject to change without notice. IN NO EVENT SHALL CABLETRON SYSTEMS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IF CABLETRON SYSTEMS HAS BEEN ADVISED OF, KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITY OF SUCH DAMAGES.
Copyright © October 1996 by:
Cabletron Systems, Inc. P.O. Box 5005 Rochester, NH 03866-5005
All Rights Reserved Printed in the United States of America
Order Number: 9031250-01 October 1996
SPECTRUM, LANVIEW, and Multi Media Access Center are registered trademarks of Cabletron Systems, Inc. EMM-E6, EMME, Hubstack, LANVIEWsecure, MicroMMAC, MMAC-Plus, and SEHI are trademarks of Cabletron Systems, Inc.
All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies.
Printed on Recycled Paper
FCC NOTICE
This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment uses, generates, and can radiate radio frequency energy and if not installed in accordance with the operator’s manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause interference in which case the user will be required to correct the interference at his own expense.
WARNING: Changes or modifications made to this device which are not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.
DOC NOTICE
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la class A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le ministère des Communications du Canada.
VCCI NOTICE
This equipment is in the 1st Class Category (information equipment to be used in commercial and/or industrial areas) and conforms to the standards set by the Voluntary Control Council for Interference by Information Technology Equipment (VCCI) aimed at preventing radio interference in commercial and/or industrial areas.
Consequently, when used in a residential area or in an adjacent area thereto, radio interference may be caused to radios and TV receivers, etc.
Read the instructions for correct handling.
CABLETRON SYSTEMS, INC. PROGRAM LICENSE AGREEMENT
IMPORTANT: Before utilizing this product, carefully read this License Agreement.
This document is an agreement between you, the end user, and Cabletron Systems, Inc. (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (the “Program”) contained in this package. The Program may be contained in firmware, chips or other media. BY UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, PROMPTLY RETURN THE UNUSED PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.
CABLETRON SOFTWARE PROGRAM LICENSE
1. LICENSE. You have the right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this License Agreement.
You may not copy, reproduce or transmit any part of the Program except as permitted by the Copyright Act of the United States or as authorized in writing by Cabletron.
2. OTHER RESTRICTIONS. You may not reverse engineer, decompile, or disassemble the Program.
3. APPLICABLE LAW. This License Agreement shall be interpreted and governed under the laws and in the state and federal courts of New Hampshire. You accept the personal jurisdiction and venue of the New Hampshire courts.
EXCLUSION OF WARRANTY AND DISCLAIMER OF LIABILITY
1. EXCLUSION OF WARRANTY. Except as may be specifically provided by Cabletron in writing, Cabletron makes no warranty, expressed or implied, concerning the Program (including its documentation and media).
CABLETRON DISCLAIMS ALL WARRANTIES, OTHER THAN THOSE SUPPLIED TO YOU BY CABLETRON IN WRITING, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE PROGRAM, THE ACCOMPANYING WRITTEN MATERIALS, AND ANY ACCOMPANYING HARDWARE.
2. NO LIABILITY FOR CONSEQUENTIAL DAMAGES. IN NO EVENT SHALL CABLETRON OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THIS CABLETRON PRODUCT, EVEN IF CABLETRON HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR ON THE DURATION OR LIMITATION OF IMPLIED WARRANTIES, IN SOME INSTANCES THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU.
UNITED STATES GOVERNMENT RESTRICTED RIGHTS
The enclosed product (a) was developed solely at private expense; (b) contains “restricted computer software” submitted with restricted rights in accordance with Section 52227-19 (a) through (d) of the Commercial Computer Software - Restricted Rights Clause and its successors, and (c) in all respects is proprietary data belonging to Cabletron and/or its suppliers.
For Department of Defense units, the product is licensed with “Restricted Rights” as defined in the DoD Supplement to the Federal Acquisition Regulations, Section 52.227-7013 (c) (1) (ii) and its successors, and use, duplication, disclosure by the Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at 252.227-7013. Cabletron Systems, Inc., 35 Industrial Way, Rochester, New Hampshire 03867-0505.
CONTENTS
CHAPTER 1 LANVIEWsecure
1.1 Introduction
1.2 Technology
1.2.1 Types of Protection
1.2.2 Features of First Generation Security
1.2.3 New Features of Second Generation Security
1.3 Configuring LANVIEWsecure
1.4 Tips for Implementing LANVIEWsecure Features
1.5 Summary
1.6 Getting Help
CHAPTER 2 OIDs TO ENABLE/DISABLE SECURITY
2.1 Introduction
2.2 OIDs
CHAPTER 3 SETTING OIDs
3.1 Introduction
3.2 Guidelines
3.3 Navigating the SNMP Tools Screen
3.4 The SNMP Tools Screen
3.5 The GET Command
3.6 The SET Command
3.7 The CYCLE Command
CHAPTER 4 MIB NAVIGATOR
4.1 Introduction
4.2 Managing Device MIBs
4.3 MIB Navigator Command Set Overview
4.3.1 Conventions for MIB Navigator Commands
4.3.2 Navigation Commands
CHAPTER 5 COMMUNITY NAMES
5.1 Introduction
5.2 Viewing MIB Components and Corresponding Community Names
5.3 More Device Community Name Examples
CHAPTER 1
LANVIEWsecure
1.1 Introduction
LANVIEWsecure is Cabletron Systems strategy for hub-based security of Ethernet networks. Cabletron Systems technology provides security solutions across the entire Multi Media Access Center product line including the HubSTACK, MicroMMAC, and MMAC-Plus. Cost effective implementations in 10BASE-T twisted pair, 10BASE2 coaxial, and 10BASE-FL fiber optic media provide the network architect freedom of choice when incorporating physical layer security into the network.
LANVIEWsecure is based on the concept of a secure repeater which protects data from being transmitted to, or received from, unauthorized users. The hub utilizes the Media Access Control (MAC) Address of attached users to control the flow of data both outbound to the end user, and inbound from the end user.
1.2 Technology
The backbone of LANVIEWsecure is the Repeater Interface Controller II (RIC II) Chip. It provides hardware assistance to the LANVIEWsecure Hub Security Architecture. With the security feature enabled, the RIC II immediately begins scrambling the data portion of the Ethernet packets repeated out to all ports, except the port containing the actual destination MAC Address of the attached device. When a source MAC Address that is not on the secure list for a port is detected, the management module sends a trap to the Simple Network Management Protocol (SNMP) Network Management Station alerting the operator to the condition and/or automatically disables the port, if so configured.
The RIC II has the intelligence to learn up to two (2) MAC Addresses per port, on the fly, allowing automatic configuration of the secure network. Supporting two MAC Addresses per port provides support of networks that utilize the DECnet protocol. DECnet environments support the factory assigned MAC Addresses on the Ethernet adapter, as well as a locally administered MAC Address. The RIC II also supports a floating cache of 32 MAC Addresses that can be assigned to any port. The cache is configurable from the SNMP agent of the device managing the chassis or hub to allow network administrators the ability to add or delete authorized user network addresses. The total number of addresses that can be saved is platform specific. The technology can also be applied to scramble broadcast and multicast address packets. For any limitations, refer to the Release Notes of the LANVIEWsecure products you are using.
Security is activated by enabling Port Locking. You can lock and unlock ports at the repeater, board, and port levels.
1.2.1 Types of Protection
Intruder Prevention
Intruder Prevention prevents any unauthorized source addresses from communicating to the network via a secure port. Intruder Prevention is based on the expected MAC address of a port. In order for LANVIEWsecure to be effective, specific parameters must be set and features enabled. During Setup, the manager configures the Trap Screen and enables security. When an unrecognized MAC address is discovered on a port, a trap is generated, sent to the Network Management station, and recorded on the Trap Screen. With Locking enabled, the default configuration of Intruder Prevention is to disable the port and send trap information to the Trap Screen.
Eavesdrop Protection
Eavesdrop Protection delivers a scrambled (a random pattern of ones and zeros) data portion of the Ethernet packet to all ports except the port specified in the destination MAC address field of the original packet. The result is that all ports other than the destination port receive meaningless information.
1.2.2 Features of First Generation Security
Repeater Security
You may perform the following security function at the repeater level: Lock Ports. This affects all ports on all boards on the specified channel. The default condition is disabled.
Board Security
You may perform the following security function at the board level: Lock Ports. This affects all ports on the specified board(s). The default condition is disabled.
Port Security
You may perform the following security functions at the port level: Disable Ports on intruder, Lock Port, and Full Security (which enables the packet scrambling feature on broadcasts and multicast). This affects only the specified port on a specified board.
Disable Ports (Intruder Prevention)
The Disable Ports feature disables the port when an unauthorized source address is detected. Disabling this feature causes the port to remain operational after a violation. Not using the Disable Ports feature effectively removes intruder protection from the selected port.
Send Trap
The Send Trap feature issues a trap after the first violation of the port; disable this feature if you do not wish to receive these traps. The device using LANVIEWsecure must have the trap table properly configured for this selection to function. (This is essentially the same as the Send Trap on Intruder feature for the board and channel levels — only the Object Identifier (OID) strings change).
Lock Port (Partial Security)
The Lock Port feature activates security on the port. Enabling Lock Port automatically secures the source addresses in the secure address table. The addresses that are contained in the secure address list are considered the valid addresses for that port. If an address is received on a locked port and that address is not on the secure list, the port will be disabled.
Force Trunk Port
The user may force the port to be a trunk port before locking the port. When this object is set to “Force” it causes the port to be placed into a Trunk topological state whether the network traffic warrants such a state or not. When this object is set to “NoForce” it allows the port to assume the topological state it naturally assumes based on the network activity on that port. When read, this object reports the current setting. When the port is in the Trunk state, either forced or natural, this does not send a new source address trap or an aged source address trap.
NOTE: Prior to having secure state, the topological state of a port (station or trunk) was used for purposes of determining whether a port was capable of being secure. The topological state of a port no longer has any bearing on security. In fact, the only thing that the topological state affects, is whether traps are sent out for new and aged addresses. If the port is a trunk port, traps are not sent out at all. Topological state is determined by the traffic or it can be forced into a trunk state by selecting the Force Trunk OID. If a port sees more than three addresses for an aging time, or exactly three addresses for consecutive aging times, then it becomes a trunk port. This applies to both LANVIEWsecure products and regular, non-secure products.
Adding/Deleting Secure Addresses
Through the use of the appropriate OIDs, addresses can be added to or deleted from the secure address list. When adding addresses to a port that has never been locked, it is important to note that any learned addresses are deleted and replaced with the manually entered addresses. If the port is locked or was once locked, then all addresses remain in the secure list and the new addresses are added to the list.
1.2.3 New Features of Second Generation Security
Full Security (Eavesdrop Protection)
When the Full Security feature is enabled, the data portions of data packets not intended for this destination, including broadcast and multicast, are scrambled. When the Full Security feature is disabled, broadcast and multicast packets are transmitted unchanged, regardless of what is contained in the secure address list. The default condition is disabled.
Continuous Learn Mode
This allows a port to continuously learn source addresses. Network administrators now have the versatility to move stations from port to port without manually adding and deleting source addresses. This benefits customers who are constantly conducting adds, moves, and changes to their physical network environment. To configure a port, port group, or network for Continuous Learn Mode, use the Learn Mode object. Once configured, the port, port group, or network has the ability to learn the source address of the last packet to be transmitted on the port. Scrambling, however, is still done on any packets not destined for this port (Eavesdrop Protection).
This object can be set whether the port is locked or unlocked. Upon setting to Continuous Learn, all addresses on the port are deleted, and then the next address seen is put in the security list. If the port is locked, it secures on the latest address, and performs destination security on that one address (scramble packets not destined for the port). The drawback to this mode is that there is no intruder protection (source address security) on the port. Once an intruder sends a packet, it becomes the valid address on the port.
The Learn mode object can be set regardless of whether the port is in the Secure state or Non-Secure state. However, the port only learns addresses when it is in the Secure state.
A port that is set to Continuous Learn is put into a state of Learn. Ports in Continuous Learn Mode do not restore any addresses when “Hot-swapped”, reset, etc. In Continuous Learn Mode, the secure addresses are not stored in NVRAM; however, the configuration of being in Continuous Learn Mode is stored.
Learn State
This provides the ability to start and stop learning at the network, port group, and port level. The Object Identifier (OID) defaults to “Learn” state. This OID automatically changes to “Nolearn” state once it has either learned two addresses or a set has been done by management. At this point, the user can set the OID back to “Learn” state, which causes all of the addresses on the port to be deleted and the port to begin learning again.
Similarly, if the port is in the “Learn” state, the user can set it to “Nolearn”, which prevents any further addresses from being learned on the port, port group, or network. Either action can only be taken if the port is unlocked. The network, port group, and port level then need to have security enabled to benefit from the Intruder Prevention and Eavesdrop Protection features.
Secure State (read only)
The secure state is a read only object. The secure state of a port is defined by the traffic on that port. A port that is non-secure is a port that cannot support either Intruder Prevention Security or Eavesdrop Prevention. In other words, it cannot be set to a locked state at any time. For LANVIEWsecure products, a port is non-secure if there are more than 35 addresses “seen” on a port for an aging period; or if there are exactly 35 addresses “seen” on that port for two consecutive aging periods. For all other products, a port is non-secure if there are more than 3 addresses “seen” on the port for the aging period; or if there are exactly 3 addresses “seen” on the port for two consecutive aging periods. A Non-Secure port cannot be locked. And, similarly, a locked port cannot be Forced Non-Secure. An attempt to do either will return MIB_BAD_VALUE.
Force Secure/NonSecure
To put a port in a Non-Secure configuration, set the port to Forced Non-Secure. A port that is Forced Non-Secure stays in this condition until the force is removed, at which point it goes into a natural secure state, based on the traffic once the next aging time is reached. This is useful for ports that have a network connection for which you do not want security implemented.
1.3 Configuring LANVIEWsecure
To configure LANVIEWsecure, enter, through your network management system, the desired OID from the LANVIEWsecure List of Secure OIDs. Chapter 2 provides a list of LANVIEWsecure OIDs.
Chapter 3 provides a step by step procedure for setting the LANVIEWsecure OIDs through the management platform of SNMP tools using the SEHI as an example. To set OID strings, you can use the SNMP utility described in the SEHI User’s Guide or any MIB walking tool. Refer to specific MIB walking tool documentation for instructions on how to set MIB OID strings.
Chapter 4 explains how to use the MIB Navigator utility commands of get, set, and community names for LANVIEWsecure.
Chapter 5 provides information about community names. The read-write community name for the Repeater MIB component is necessary to perform SNMP set commands to enable/disable LANVIEWsecure features.
1.4 Tips for Implementing LANVIEWsecure Features
Security can only be implemented by locking a port, and can only be completely disabled by unlocking a port. You cannot enable Intruder Protection on a LANVIEWsecure hub without also enabling Eavesdrop Protection. You can, however, effectively enable Eavesdrop Protection alone by de-selecting the Disable Ports option for the violation response; choosing not to disable ports basically eliminates intruder protection, sends a trap, and allows all packets to pass regardless of their source address. Another approach to enable Eavesdrop Protection alone is to use Continuous Learn.
Security should not be enabled on any port that is connected to an external bridge. The bridge discards all packets it receives as error packets since Cyclic Redundancy Checks (CRCs) are not recalculated after a packet is scrambled.
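An added model of the behavior described in sections 1.2 and 1.2.1 and of the bridge tip above (example code written for this page, not Cabletron's implementation): a locked port scrambles the data portion toward non-destination ports without recalculating the frame check sequence, so the CRC check of a bridge rejects the scrambled copy. The Port and SecureRepeater classes, the dropped offending frame, and the MAC addresses are assumptions made for illustration.

```python
import random
import struct
import zlib

_rng = random.Random(1996)  # seeded so the constructed demo is repeatable


def build_frame(dst, src, payload):
    """dst + src + EtherType + padded payload + FCS (CRC-32, little-endian)."""
    body = dst + src + b"\x08\x00" + payload.ljust(46, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_ok(frame):
    """Receive-side check of a bridge or NIC: recompute the CRC and compare."""
    return struct.unpack("<I", frame[-4:])[0] == zlib.crc32(frame[:-4])


def scramble(frame):
    """Randomize the data portion; header and FCS stay as they were.

    Assumption: "data portion" means the bytes after the 14-byte header.
    The FCS is not recalculated, which is what the manual states.
    """
    data = bytes(_rng.getrandbits(8) for _ in range(len(frame) - 18))
    return frame[:14] + data + frame[-4:]


class Port:
    def __init__(self):
        self.secure = set()              # secure address list
        self.locked = False              # Lock Port
        self.enabled = True
        self.disable_on_intruder = True  # Disable Ports option
        self.full_security = False       # also scramble broadcast/multicast
        self.continuous = False          # Continuous Learn Mode


class SecureRepeater:
    def __init__(self, n_ports):
        self.ports = {n: Port() for n in range(1, n_ports + 1)}
        self.traps = []                  # (port, source MAC) per violation

    def receive(self, in_port, frame):
        """Repeat one frame; return {port number: frame as delivered}."""
        port, dst, src = self.ports[in_port], frame[:6], frame[6:12]
        if not port.enabled:
            return {}
        if port.continuous:
            port.secure = {src}          # latest source replaces the old one
        elif not port.locked:
            if len(port.secure) < 2:     # two learned addresses per port
                port.secure.add(src)
        elif src not in port.secure:     # locked port, source not on the list
            self.traps.append((in_port, src))
            if port.disable_on_intruder:
                port.enabled = False
                return {}                # assumption: offending frame dropped
        group = bool(dst[0] & 1)         # broadcast or multicast destination
        delivered = {}
        for number, out in self.ports.items():
            if out is port or not out.enabled:
                continue
            if group:
                hide = out.locked and out.full_security
            else:
                hide = out.locked and dst not in out.secure
            delivered[number] = scramble(frame) if hide else frame
        return delivered


def demo():
    """Learn three stations, lock, then send one valid and one intruder frame."""
    # Constructed MAC addresses: stations a, b, c and an unknown station x.
    a, b, c, x = (bytes([2, 0, 0, 0, 0, n]) for n in (1, 2, 3, 0x99))
    hub = SecureRepeater(3)
    for number, src, dst in ((1, a, b), (2, b, a), (3, c, a)):
        hub.receive(number, build_frame(dst, src, b"hello"))  # learning
    for port in hub.ports.values():
        port.locked = True
    frame = build_frame(b, a, b"payroll data")
    out = hub.receive(1, frame)
    intruder = hub.receive(3, build_frame(a, x, b"probe"))
    return {
        "dest_intact": out[2] == frame and fcs_ok(out[2]),
        "other_header_kept": out[3][:14] == frame[:14],
        "other_fcs_ok": fcs_ok(out[3]),
        "intruder_repeated": intruder,
        "traps": hub.traps,
        "port3_enabled": hub.ports[3].enabled,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Setting continuous to True on a locked port makes any new source the port's secure address with no trap, which is the drawback section 1.2.3 describes.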
Security should not be enabled on any port that is supporting a trunk connection with 3 or more addresses, unless you are sure that no more than 34 consecutive addresses will attempt to use the port, and you have secured all necessary addresses. A simple way of ensuring this is to put a port to Forced Non-Secure.
If you choose to set the board or repeater security, be advised that a board setting overrides all port settings for the specified board, while a repeater setting overrides all board(s) and their respective port settings for the specified channel. An integer of 3 for some OIDs indicates a mixed state.
Query chCompName and chCompSUCommStr to identify the community name for the Repeater MIB component(s). Use the community name obtained to enable/disable LANVIEWsecure features.
Secure the device console port as well as device network ports. In the Community Name Table, change the default community name for Read-Only, Read-Write, and Superuser access privileges.
Cabletron Systems advises that all default community names be changed for each MIB component. This can be done simultaneously through Configuration Manager of SPECTRUM, Set Community String Utility of Remote LANVIEW/Windows, or Set Community Names Utility of SPECTRUM Element Manager/Windows.
1.5 Summary
Many methods of network security exist today to ensure the integrity of what is quickly becoming an organization’s most valuable asset — information. While no one method alone provides a complete solution from all potential unauthorized access, when used appropriately and in conjunction with one another, a solution set is often found. Cabletron Systems LANVIEWsecure is designed to discourage common security violations while monitoring and controlling normal moves, adds, and changes in Local Area Network (LAN) environments.
1.6 Getting Help
If you need additional support related to this device, or if you have any questions, comments, or suggestions concerning this manual, contact Cabletron Systems Technical Support:
Phone (603) 332-9400
Monday – Friday; 8 A.M. – 8 P.M. Eastern Time
CompuServe GO CTRON from any ! prompt
Internet mail support@ctron.com
FTP ctron.com (134.141.197.25)
Login anonymous
Password your email address
BBS (603) 335-3358
Modem setting 8N1: 8 data bits, 1 stop bit, No parity
For additional information about Cabletron Systems products, visit our World Wide Web site: http://www.cabletron.com/
CHAPTER 2
OIDs TO ENABLE/DISABLE SECURITY
2.1 Introduction
This chapter provides a list of the OIDs for LANVIEWsecure.
2.2 OIDs
The read-write community name for the Repeater MIB component is necessary to perform SNMP set commands to enable/disable LANVIEWsecure features. Refer to Chapter 4 for more information on community names. The examples shown below use the following definitions: b=board, p=port.

rptrSaTrapSetSrcaddr {rptrSaTrapSet 1}
Description: Enables and disables source address traps for this network.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.1.6.2.1.0
Data Type: Integer
Values: 1 disable, 2 enable, 3 other
Access Policy: read-write

rptrSecurityLockState {rptrSaSecurity 1}
Description: Setting this object to Lock will activate the network port security lock. It is invalid to set a value of portMisMatch(3). This value reflects a status value that the lock status between the port group, port and repeater levels do not agree.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.1.7.1.0
Data Type: Integer
Values: 1 unlock, 2 lock, 3 portMisMatch
Access Policy: read-write

rptrSecuritySecureState {rptrSaSecurity 2}
Description: The status of source address security of the network. Ports on the network that are secure(1), can be locked in order to enable security. NonSecure(2) ports cannot be locked. Setting a value of portMisMatch(3) is invalid.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.1.7.2.0
Data Type: Integer
Values: 1 secure, 2 nonSecure, 3 portMisMatch
Access Policy: read-only

rptrSecurityLearnState {rptrSaSecurity 3}
Description: The learn state of the network. This object will only be applied to ports that are locked. If set to learn(1), all addresses are deleted on the ports and learning begins once again. If it is set to noLearn(2), learning stops on the port. Setting a value of portMisMatch(3) is invalid.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.1.7.3.0
Data Type: Integer
Values: 1 learn, 2 noLearn, 3 portMisMatch
Access Policy: read-write

rptrSecurityLearnMode {rptrSaSecurity 4}
Description: Get/Set the learn mode of the network. If set to oneTime learn mode oneTime(1), each port is capable of learning two addresses and securing on both destination and source addresses once they are locked. If set to continuous learn continuous(2), all addresses are initially deleted and each port continuously replaces the existing secure source address with the latest source address it sees. Setting a value of portMisMatch(3) is invalid.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.1.7.4.0
Data Type: Integer
Values: 1 oneTime, 2 continuous, 3 portMisMatch
Access Policy: read-write

rptrPortGrpSaTrapSetSrcaddr {rptrPortGrpSaTrapEntry 2}
Description: Enables and disables source address traps for the specified port group.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.2.5.2.1.1.2.0
Data Type: Integer
Values: 1 disable, 2 enable, 3 other
Access Policy: read-write

rptrPortGrpSrcAddrLockGrpId {rptrPortGrpSrcAddrLockEntry 1}
Description: Defines particular port group for this source address security lock information.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.2.6.1.1.b
Data Type: Integer
Access Policy: read-only

rptrPortGrpSrcAddrLock {rptrPortGrpSrcAddrLockEntry 2}
Description: Allows setting of the security lock status for this port group. It is invalid to set a value of portMisMatch(3). This value is used for status to identify that the lock status for the ports within the port group do not match the lock status for the port group.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.2.6.1.2.b
Data Type: Integer
Values: 1 unlock, 2 lock, 3 portMisMatch
Access Policy: read-write

rptrPortGrpSASecuritySecureState
{rptrPortGrpSrcAddrLockEntry 3}
Description: The state of the source addressing security for this port group. Ports on the port group that are secure(1) can be locked in order to enable security. When a value of nonsecure(2) is returned, ports cannot be locked. Setting a value of portMisMatch(3) is invalid. A value of portMisMatch(3) reflects that not all ports are the same value.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.2.6.1.3.b
Data Type: Integer
Values: 1 secure, 2 nonSecure, 3 portMisMatch
Access Policy: read-only

rptrPortGrpSASecurityLearnState
{rptrPortGrpSrcAddrLockEntry 4}
Description: The learn state of source addressing security for the port group. This object will only be applied to ports that are unlocked. If set to learn(1), all addresses are deleted on the port and learning begins once again. If it is set to nolearn(2), learning stops on the port. Setting a value of portMisMatch(3) is invalid.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.2.6.1.4.b
Data Type: Integer
Values: 1 learn, 2 noLearn, 3 portMisMatch
Access Policy: read-write

rptrPortGrpSASecurityLearnMode
{rptrPortGrpSrcAddrLockEntry 5}
Description: The learn mode of source addressing security for the port group. If set to oneTime(1), each port is capable of learning two addresses and securing on both destination and source addresses once they are locked. If set to continuous(2), all addresses are initially deleted and each port continuously replaces the existing secure source address with the latest source address it sees. Setting a value of portMisMatch(3) is invalid.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.2.6.1.5.b
Data Type: Integer
Values: 1 oneTime, 2 continuous, 3 portMisMatch
Access Policy: read-write

rptrPortSrcAddrTopoState
{rptrPortSrcAddrEntry 3}
Description: Returns the topological state of the port. NOTE: Not related to security.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.5.1.3.b.p
Data Type: Integer
Values: 1 station, 2 trunk
Access Policy: read-only

rptrPortSrcAddrForceTrunk
{rptrPortSrcAddrEntry 4}
Description: When this object is set to Force it causes the port to be placed into a Trunk topological state whether the network traffic would warrant such a state or not. When this object is set to noForce it allows the port to assume the topological state it would naturally assume based on the network activity across it. When read, this object reports the current setting. NOTE: Not related to security.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.5.1.4.b.p
Data Type: Integer
Values: 1 noForce, 2 force
Access Policy: read-write

rptrPortSaTrapSetSrcaddr
{rptrPortSaTrapEntry 3}
Description: Enables and disables source address traps for this port.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.8.2.1.1.3
Data Type: Integer
Values: 1 disable, 2 enable
Access Policy: read-write

rptrPortSecurityPortGrpId
{rptrPortSecurityEntry 1}
Description: Port Group ID for this source address lock entry.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.1.b.p
Data Type: Integer
Access Policy: read-only

rptrPortSecurityPortId
{rptrPortSecurityEntry 2}
Description: The port ID for this source address lock entry.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.2.b.p
Data Type: Integer
Access Policy: read-only

rptrPortSecurityLockStatus
{rptrPortSecurityEntry 3}
Description: Defines lock status for this particular port entry.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.3.b.p
Data Type: Integer
Values: 1 unlock, 2 lock
Access Policy: read-write

rptrPortSecurityLockAddAddress
{rptrPortSecurityEntry 4}
Description: Setting a value to this object will cause a new entry to be added to the rptrPortSecurityListTable. When read, this object will display an octet string of size 6 with each octet containing a 0.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.4.b.p
Data Type: Octet String
Access Policy: read-write

rptrPortSecurityLockDelAddress
{rptrPortSecurityEntry 5}
Description: Setting a value to this object will cause the corresponding entry in the rptrPortSecurityListTable to be deleted. When read, this object returns an octet string of length 6 with each octet having the value 0.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.5.b.p
Data Type: Octet String
Access Policy: read-write

rptrPortSecurityDisableOnViolation
{rptrPortSecurityEntry 6}
Description: Designates whether port is disabled if its source address is violated. A source address violation occurs when an address is detected which is not in the secure address list for this port. If the port is disabled due to the source address violation it can be re-enabled by setting rptrPortMgmtAdminState.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.6.b.p
Data Type: Integer
Values: 1 noDisable, 2 disable
Access Policy: read-write

rptrPortSecurityFullSecEnabled
{rptrPortSecurityEntry 7}
Description: A port that is set to full security and is locked will scramble ALL packets, which are not contained in the expected address list, including broadcasts and multicasts. A port that is set to partial security will allow broadcasts and multicasts to repeat unscrambled.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.7.b.p
Data Type: Integer
Values: 1 partialSecurity, 2 fullSecurity
Access Policy: read-write

rptrPortSecuritySecureState
{rptrPortSecurityEntry 8}
Description: The secure state of a port. If the port is secure(1), it can be locked in order to enable security. A nonsecure(2) port cannot be locked.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.8.b.p
Data Type: Integer
Values: 1 secure, 2 nonSecure
Access Policy: read-only

rptrPortSecurityForceNonSecure
{rptrPortSecurityEntry 9}
Description: The force non-secure state of the port. If the port is forced non-secure via a value of forceNonSecure(2), it is put into a Non-Secure state, in which case it cannot be locked. If a port is not forced, noForce(1), then it will take on its natural state, according to the traffic flow on the port.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.9.b.p
Data Type: Integer
Values: 1 noForce, 2 forceNonSecure
Access Policy: read-write

rptrPortSecurityLearnState
{rptrPortSecurityEntry 10}
Description: The learn state of the port. This object will only be applied to a port that is unlocked. If set to learn(1), all addresses are deleted on the port and learning begins once again. If it is set to noLearn(2), learning stops on the port.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.10.b.p
Data Type: Integer
Values: 1 learn, 2 noLearn
Access Policy: read-write

rptrPortSecurityLearnMode
{rptrPortSecurityEntry 11}
Description: The learn mode of the port. If set to oneTime(1), the port is capable of learning two addresses and securing on both destination and source addresses (upon locking port). If set to continuous(2), all addresses are initially deleted and the port continuously replaces the existing secure source address with the latest source address it sees.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.11.b.p
Data Type: Integer
Values: 1 oneTime, 2 continuous
Access Policy: read-write

rptrPortSecurityListPortGrpId
{rptrPortSecurityListEntry 1}
Description: The port group for this security list entry.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.1.b.p
Data Type: Integer
Access Policy: read-only

rptrPortSecurityListPortId
{rptrPortSecurityListEntry 2}
Description: The port ID for this source address lock list.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.2.b.p
Data Type: Integer
Access Policy: read-only

rptrPortSecurityListIndex
{rptrPortSecurityListEntry 3}
Description: A unique index for the source address entries.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.3.b.p
Data Type: Integer
Access Policy: read-only

rptrPortSecurityListAddress
{rptrPortSecurityListEntry 4}
Description: Defines the particular source address that has been locked.
Object Identifier: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.b.p
Data Type: Octet String
Access Policy: read-only
CHAPTER 3
SETTING OIDs
3.1 Introduction
This chapter provides a step-by-step procedure for setting the LANVIEWSECURE OIDs through the management platform of SNMP tools using the SEHI as an example.
3.2 Guidelines
Community Name
The read-write or superuser community name for the Repeater MIB component is necessary to perform SNMP set commands which enable/disable LANVIEWSECURE features. Refer to Chapter 5 for more information.
SNMP Set
When performing SNMP sets on these OIDs, an integer of 1 unlocks or disables the function, while an integer of 2 locks or enables the function.
Overriding Port And Board Security
If you choose to set the board or repeater security, be advised that a board setting overrides all port settings for the specified board, while a repeater setting overrides all board(s) and their respective port settings for the specified channel. An integer of 3 for some OIDs indicates a mixed state.
3.3 Navigating the SNMP Tools Screen
Access Local Management and select SNMP Tool Support, or press F9.
SEHI LOCAL MANAGEMENT
Cabletron SEHI Revision 1.10.01
FEATURE SELECTION
F6 COMMUNITY TABLE F7 IP ADDRESS ASSIGNMENT F8 COMPONENT TRAP TABLE
F9 SNMP TOOL SUPPORT
DEVICE STATISTICS
EXIT LIM SERVICE
3.4 The SNMP Tools Screen
Use the arrow keys to move from field to field about the screen. After entering information, use the <ENTER> key to accept information into that field and the arrow keys again to go to the next field or command. In this document, what you enter appears in 10 point Boldface font, like this.
SEHI LOCAL MANAGEMENT
Cabletron SEHI Revision 1.10.01
SNMP Tools
COMMUNITY NAME: public
OID PREPEND: 1.3.6.1
GET SET GETNEXT WALK RECALL OID STEP CYCLES REPEAT
F6 F7 F8 F9
RETURN
NOTES:
1. The OID PREPEND accepts a total of 32 consecutive characters, including the periods that separate OID strings. Any additional OID string needed to perform an operation must be entered after selecting one of the SNMP Tools commands (GET, SET, CYCLE, etc.). To save yourself time in re-entering OID strings, enter a PREPEND that is common to as many OIDs as you are interested in.
2. Some operations, such as setting LANVIEWSECURE OIDs, require the community name of the Repeater MIB component. If you exit the SNMP Tools screen, then re-enter it, the last OID remains in the OID PREPEND field, but the community name returns to the default.
3.5 The GET Command
Lock Port (Partial Security) 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.3 (1=Unlock, 2=Lock)
SEHI LOCAL MANAGEMENT
Cabletron SEHI Revision 1.10.01
SNMP Tools
COMMUNITY NAME: ChannelA
OID PREPEND: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1
GET SET GETNEXT WALK RECALL OID STEP CYCLES REPEAT
F6 F7 F8 F9
<GET> OID (=|F9): 3.1.12 (board 1, port 12)
ACCESSED OID: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.3.1.12
ASCII_LABEL: N/A
DATA TYPE: 0x1 { int }
DATA LENGTH: 1
DECODED DATA: 2

Secure State (read only) 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.8.b.p (b=board, p=port)
SEHI LOCAL MANAGEMENT
Cabletron SEHI Revision 1.10.01
SNMP Tools
COMMUNITY NAME: ChannelA
OID PREPEND: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1
GET SET GETNEXT WALK RECALL OID STEP CYCLES REPEAT
F6 F7 F8 F9
<GET> OID (=|F9): 8.1.1 (board 1, port 1)
ACCESSED OID: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.8.1.1
ASCII_LABEL: N/A
DATA TYPE: 0x1 { int }
DATA LENGTH: 1
DECODED DATA: 1
3.6 The SET Command
Set to Full Security 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.7.b.p (b=board, p=port)
SEHI LOCAL MANAGEMENT
Cabletron SEHI Revision 1.10.01
SNMP Tools
COMMUNITY NAME: ChannelA
OID PREPEND: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1
GET SET GETNEXT WALK RECALL OID STEP CYCLES REPEAT
F6 F7 F8 F9
<SET> OID (=|F9): 7.1.12 (board 1, port 12)
{ Integer String Null Oid Ipaddress Counter Gauge Timeticks Opaque }
DATA TYPE (name): int
SNMP OID Data: 2
<SET> OPERATION CODE: 2 < OK >

Add Address to Secure Table 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.4.b.p (b=board, p=port)
SEHI LOCAL MANAGEMENT
Cabletron SEHI Revision 1.10.01
SNMP Tools
COMMUNITY NAME: ChannelA
OID PREPEND: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1
GET SET GETNEXT WALK RECALL OID STEP CYCLES REPEAT
F6 F7 F8 F9
<SET> OID (=|F9): 4.1.12 (board 1, port 12)
{ Integer String Null Oid Ipaddress Counter Gauge Timeticks Opaque }
DATA TYPE (name): S
ENTER H(ex) or A(scii) FOR STRING TYPE: H
ENTER DATA AS HEX BYTES SEPARATED BY BLANKS LIKE 0 1D 30 5
SNMP OID Data: 00 00 1D 22 33 44
<SET> OPERATION CODE: 1 < OK >

Delete Address from Secure Table 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.5.b.p (b=board, p=port)
SEHI LOCAL MANAGEMENT
Cabletron SEHI Revision 1.10.01
SNMP Tools
COMMUNITY NAME: ChannelA
OID PREPEND: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1
GET SET GETNEXT WALK RECALL OID STEP CYCLES REPEAT
F6 F7 F8 F9
<SET> OID (=|F9): 5.1.12 (board 1, port 12)
{ Integer String Null Oid Ipaddress Counter Gauge Timeticks Opaque }
DATA TYPE (name): S
ENTER H(ex) or A(scii) FOR STRING TYPE: H
ENTER DATA AS HEX BYTES SEPARATED BY BLANKS LIKE 0 1D 30 5
SNMP OID Data: 00 00 1D 22 33 44
<SET> OPERATION CODE: 1 < OK >
3.7 The CYCLE Command
View Secure Address Table (read only) 1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.b.p (b=board, p=port)
SEHI LOCAL MANAGEMENT
Cabletron SEHI Revision 1.10.01
SNMP Tools
COMMUNITY NAME: ChannelA
OID PREPEND: 1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1
GET SET GETNEXT WALK RECALL OID STEP CYCLES REPEAT
F6 F7 F8 F9
ENTER <GETNEXT> CYCLE COUNT: 8
ENTER CYCLE DELAY (secs): 5
<GETNEXT> OID (=|F9): 4.1.12 (press down arrow key, not the <ENTER> key to begin cycle)
------------SPECIFIED OID ----------------- SIZE TYP DATA (HIT ANY KEY TO QUIT)
1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.1.12.1 6 str 00-00-1D-11-7B-78
1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.1.12.2 6 str 00-00-1D-0D-79-6C
1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.1.12.3 6 str 00-00-1D-11-22-33
1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.1.12.4 6 str 00-00-1D-22-33-43
1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.1.12.5 6 str 00-00-1D-22-33-45
1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.1.12.6 6 str 00-00-1D-22-33-46
1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.1.12.7 6 str 00-00-1D-22-33-47
1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.1.12.8 6 str 00-00-1D-22-33-48
****** MIB WALK COMPLETED ******
This command is especially useful for viewing OIDs with tables of instances that span one or many boards or ports, such as the LANVIEWSECURE address table.
You can increase the CYCLE DELAY to as many seconds as you need to view addresses. If you delete an address from the secure table, say an address in instance 3, all other addresses move up the instance ladder. Since addresses can change instances, if you are adding or deleting an address, use the CYCLE command to verify the MAC address, then add or delete the MAC address itself, not its instance.
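The verification step recommended in section 3.7, as an added example that is not part of the manual: it parses CYCLE output in the layout shown above, compares each port's secure addresses with an allow-list, and plans the add and delete SETs by MAC address rather than by instance. The allow-list structure, the function names and the sample rows are assumptions constructed for illustration; the OIDs are the ones documented in this manual.

```python
import re

# OIDs as documented in this manual; board and port are appended as .b.p
LIST_ADDRESS = "1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4"  # rptrPortSecurityListAddress
LOCK_ADD = "1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.4"      # rptrPortSecurityLockAddAddress
LOCK_DEL = "1.3.6.1.4.1.52.4.1.1.1.4.3.9.1.1.5"      # rptrPortSecurityLockDelAddress

# Constructed sample in the CYCLE output layout of section 3.7
SAMPLE_WALK = """\
------------SPECIFIED OID ----------------- SIZE TYP DATA (HIT ANY KEY TO QUIT)
1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.1.12.1 6 str 00-00-1D-11-7B-78
1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.1.12.2 6 str 00-00-1D-0D-79-6C
1.3.6.1.4.1.52.4.1.1.1.4.3.9.2.1.4.1.12.3 6 str 00-00-1D-11-22-33
****** MIB WALK COMPLETED ******
"""

ROW = re.compile(
    r"^" + re.escape(LIST_ADDRESS) + r"\.(\d+)\.(\d+)\.(\d+)\s+6\s+str\s+(\S+)$"
)


def normalize_mac(text):
    """Accept '00-00-1D-..', '00:00:1d:..' or '0 0 1D ..'; return 'XX-XX-...'."""
    parts = [p for p in re.split(r"[-:\s]+", text.strip()) if p]
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
        raise ValueError("not a 6-octet MAC address: %r" % text)
    return "-".join("%02X" % int(p, 16) for p in parts)


def parse_secure_table(walk_text):
    """Return {(board, port): {mac: instance}}; header and footer lines are skipped."""
    table = {}
    for line in walk_text.splitlines():
        m = ROW.match(line.strip())
        if m:
            board, port, instance = (int(g) for g in m.group(1, 2, 3))
            table.setdefault((board, port), {})[normalize_mac(m.group(4))] = instance
    return table


def plan_sets(table, allowed):
    """Compare the walked table with an allow-list {(board, port): [mac, ...]}.

    Returns (action, oid, hex_bytes) tuples. The instance number is never used
    as a key, because instances shift up when an earlier entry is deleted.
    """
    ops = []
    for board, port in sorted(set(table) | set(allowed)):
        have = set(table.get((board, port), {}))
        want = {normalize_mac(m) for m in allowed.get((board, port), [])}
        suffix = ".%d.%d" % (board, port)
        for mac in sorted(have - want):
            ops.append(("delete", LOCK_DEL + suffix, mac.replace("-", " ")))
        for mac in sorted(want - have):
            ops.append(("add", LOCK_ADD + suffix, mac.replace("-", " ")))
    return ops


if __name__ == "__main__":
    # Constructed allow-list for board 1, port 12
    allowed = {(1, 12): ["00:00:1d:11:7b:78", "00-00-1D-0D-79-6C", "00 00 1D 22 33 44"]}
    for action, oid, data in plan_sets(parse_secure_table(SAMPLE_WALK), allowed):
        print(action, oid, "hex:", data)
```

The hex_bytes field is already in the blank-separated form the SET screen asks for when the string type is H.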
CHAPTER 4
MIB NAVIGATOR
4.1 Introduction
This chapter explains how to use the MIB Navigator utility commands of get, set, and community names for LANVIEWSECURE. Figure 4-1 shows the MIB Navigator screen.
NOTE: Figure 4-1 shows the MIB Navigator screen that would be presented after the user entered the “help” command.
Event Message Line
Welcome to Cabletron NBR-SERIES Revision XX.XX.XX
MIBNav-> help
Commands Available to the User:
arp ctron done help netstat pwd show snmpset traceroute
branch defroute exit ls next quit snmpbranch snmptree tree
cd dir get mib2 ping set snmpget su whoami
SPECIAL:
done, quit, or exit - Exit from the MIB Navigator.
mib2 - Change MIB directory to MIB II (1.3.6.1.2.1).
ctron - Change MIB directory to cabletron (1.3.6.1.4.1.52).
For help with a specific command, type 'help <command>'.
MIBNav->
Figure 4-1 The MIB Navigator Screen
4.2 Managing Device MIBs
The MIB Navigator lets you manage objects in the NBR Management Information Bases (MIBs). MIBs are databases of objects used for managing the device and determining the device configuration. The commands within the MIB Navigator allow you to view and modify an object of the device.
The MIB Navigator views the MIB tree hierarchy as a directory. Figure 4-2 shows the MIB tree hierarchy. Each layer is numerically encoded, so that every branch group and leaf object in the MIB is identified by a corresponding number, known as an Object Identifier (OID). This allows the MIB Navigator to navigate through the MIB and access the manageable leaf objects.
MIBNav-> branch
# /1/3/6/1/2/1/7/1 udpInDatagrams COUNTER 38216
# /1/3/6/1/2/1/7/2 udpNoPorts COUNTER 0
# /1/3/6/1/2/1/7/3 udpInErrors COUNTER 0
Figure 4-2 Hierarchical MIB Tree Structure
Often an ASCII name is assigned to an OID leaf object, making it more readable. To identify the value for the object “ipForwarding”, use the OID (/1/3/6/1/2/1/4/1), or its ASCII name (/iso/org/dod/internet/mgmt/mib-2/ip/ipForwarding).
4.3 MIB Navigator Command Set Overview
The MIB Navigator command set provides the following commands:
Navigation Commands
Navigation commands allow you to access and manage the MIB for the device running the MIB Navigator. Some of these commands also provide user community-string information. The commands are as follows:
– branch – cd – ctron – dir – get – help – ls – mib2 – next – pwd – set – show – su – tree – whoami
Built-In Commands
Built-In commands allow you to access and manage network devices connected to the device running the MIB Navigator. The commands are as follows:
– arp – defroute – netstat – ping – snmpbranch – snmpget – snmpset – snmptree – traceroute
Special Commands
Special Commands allow you to exit from the MIB Navigator. The commands are as follows:
– done – quit – exit
4.3.1 Conventions for MIB Navigator Commands
This manual uses the following conventions for denoting commands:
Information keyed by the user is shown in this helvetica font.
Command arguments are indicated by two types of brackets:
- required arguments are enclosed by [ ].
- optional arguments are enclosed by < >.
MIB Navigator command conventions are as follows:
To abort the output or interrupt a process, the escape character is ^C (where ^ equals the Control key).
A slash (/) preceding an OID issues that command from the root directory regardless of where you are in the MIB. If no slash precedes the OID, the command issues from your current MIB location.
Dot notation (1.1.1.1) is equivalent to slash notation (1/1/1/1). Use slash notation with the navigational commands, and the dot notation with the built-in commands that are using SNMP to access and manage network devices.
MIB Navigation Commands are listed in the format shown below:
command:
Syntax: This entry provides the format that the MIB Navigator command requires. It indicates where arguments, if any, must be specified.
Description: This entry briefly describes the command and its uses.
Options: This entry lists any additional fields that may be added to the command and their format.
Example: This entry shows an example of the command.
4.3.2 Navigation Commands
The following MIB Navigation commands allow you to move from MIB object to MIB object within the MIB tree.
get:
Syntax: get <objectID>
Description: The get command provides the value of a specific managed object. The command is valid only for leaf entries in the current MIB tree, or for managed objects in the MIB.
Options: Not Applicable
Example:
MIBNav-> get /1/3/6/1/2/1
#Cabletron EMM-E6 Revision X.XX.XX
set:
Syntax: set <OID> <value>
Description: The set command enables you to set the value of a managed object. This command is valid only for leaf entries in the current MIB tree, or for managed objects in the MIB.
If the leaf specified does not exist for the given path, MIB Navigator asks for a value. The following lists possible value types:
(i)nteger - number
(c)ounter - number
(g)auge - number
(t)ime ticks - number
o(p)aque - “value” (with quotation marks)
(s)tring - “value” (with quotation marks)
(o)id - OID number with dotted punctuation
(a)ddress - IP address in DDN format
(m)ac - MAC address in hexadecimal format
(n)ull - no type
Options: Not Applicable
Example:
MIBNav-> set /1/3/6/1/4/1/52/1/6/4/7 122.1.1.1
Type: (i)nteger (a)ddress (c)ounter (g)auge (o)id:
su:
Syntax: su [community name]
Description: The su command enables you to change your community name to allow for different access to the MIB. The community name that you enter allows you either read-only, read-write, or super-user access to that device’s MIBs, depending on the level of security access assigned the password through the SNMP Community Names screen. Refer to Chapter 5 for more information about community names.
Options: Not Applicable
Example:
MIBNav-> su public
CHAPTER 5
COMMUNITY NAMES
5.1 Introduction
Devices based on Cabletron Systems RepeaterRev4 MIB are structured into MIB groups, with each group capable of having its own community name. This is true for the following LANVIEWSECURE devices: SEHI, MicroMMAC, EMME, and EMM-E6. By default, the community name for each group is “public”, except for the Repeater group, which is “channelA” for single channel devices. For devices that have multiple repeaters, the default community names used would be “channelA” for Repeater One; “channelB” for Repeater Two; “channelC” for Repeater Three; etc. You must have read-write or superuser access to enable/disable LANVIEWSECURE features.
To determine what MIB components are active, query the following MIB object:
chCompName=1.3.6.1.4.1.52.4.1.1.2.4.1.5
To determine the corresponding community names for each component, query the following MIB object:
Read Write chCompRWCommStr=1.3.6.1.4.1.52.4.1.1.2.4.1.11
Superuser chCompSUCommStr=1.3.6.1.4.1.52.4.1.1.2.4.1.12
NOTE: If you contact the device using the read-write community name, you cannot view superuser community names. If you contact the device using the superuser community name, you can view - and change - all community names. We recommend you use the superuser community name for all LANVIEWSECURE functions. The following page shows these relationships for the SEHI. Remember that for a multichannel device in a concentrator chassis, the number of active components can vary significantly.
5.2 Viewing MIB Components and Corresponding Community Names
SEHI LOCAL MANAGEMENT
Cabletron SEHI Revision 1.10.01
SNMP Tools
COMMUNITY NAME: public
OID PREPEND: 1.3.6.1.4.1.52.4.1.1.2.4.1.5
GET SET GETNEXT WALK RECALL OID STEP CYCLES REPEAT
F6 F7 F8 F9
ENTER <GETNEXT> CYCLE COUNT: 5
ENTER CYCLE DELAY (secs): 1
<GETNEXT> OID (=|F9): (press down arrow key, not the <ENTER> key to begin cycle)
------------SPECIFIED OID ------------ SIZE TYP DATA (HIT ANY KEY TO QUIT)
1.3.6.1.4.1.52.4.1.1.2.4.1.5.1 16 str SEHI Chassis MGR
1.3.6.1.4.1.52.4.1.1.2.4.1.5.2 8 str SEHI LIM
1.3.6.1.4.1.52.4.1.1.2.4.1.5.3 12 str Repeater One
1.3.6.1.4.1.52.4.1.1.2.4.1.5.4 18 str SEHI Host Services
1.3.6.1.4.1.52.4.1.1.2.4.1.5.5 16 str SEHI IP Services

SEHI LOCAL MANAGEMENT
Cabletron SEHI Revision 1.10.01
SNMP Tools
COMMUNITY NAME: public
OID PREPEND: 1.3.6.1.4.1.52.4.1.1.2.4.1.12
GET SET GETNEXT WALK RECALL OID STEP CYCLES REPEAT
F6 F7 F8 F9
ENTER <GETNEXT> CYCLE COUNT: 5
ENTER CYCLE DELAY (secs): 1
<GETNEXT> OID (=|F9): (press down arrow key, not the <ENTER> key to begin cycle)
------------SPECIFIED OID ------------ SIZE TYP DATA (HIT ANY KEY TO QUIT)
1.3.6.1.4.1.52.4.1.1.2.4.1.12.1 6 str public
1.3.6.1.4.1.52.4.1.1.2.4.1.12.2 6 str public
1.3.6.1.4.1.52.4.1.1.2.4.1.12.3 8 str channelA
1.3.6.1.4.1.52.4.1.1.2.4.1.12.4 6 str public
1.3.6.1.4.1.52.4.1.1.2.4.1.12.5 6 str public
5.3 More Device Community Name Examples
MicroMMAC-22E Firmware Version 1.10.14
chCompName=1.3.6.1.4.1.52.4.1.1.2.4.1.5 chCompSUCommStr=1.3.6.1.4.1.52.4.1.1.2.4.1.12
chCompName.1 Chassis MGR chCompSUCommStr.1 public
chCompName.2 LM chCompSUCommStr.2 public
chCompName.3 Host Services chCompSUCommStr.3 public
chCompName.4 IP Services chCompSUCommStr.4 public
chCompName.5 Distributed LAN Monitor chCompSUCommStr.5 public
chCompName.6 MIB Navigator chCompSUCommStr.6 public
chCompName.7 RMON Default chCompSUCommStr.7 public
chCompName.8 RMON Host chCompSUCommStr.8 public
chCompName.9 RMON Capture chCompSUCommStr.9 public
chCompName.10 Repeater 1 chCompSUCommStr.10 public.Repeater1

EMME (MMAC-3FNB with TPRMIM and TPXMIM) Firmware Version 3.05.09
chCompName=1.3.6.1.4.1.52.4.1.1.2.4.1.5 chCompSUCommStr=1.3.6.1.4.1.52.4.1.1.2.4.1.12
chCompName.1 EMME Chassis MGR chCompSUCommStr.1 public
chCompName.2 EMME LIM chCompSUCommStr.2 public
chCompName.3 Repeater Two chCompSUCommStr.3 channelB
chCompName.4 Repeater One chCompSUCommStr.4 channelA
chCompName.5 Ctron Use Only chCompSUCommStr.5 public
chCompName.6 EMME Host Services chCompSUCommStr.6 public
chCompName.7 EMME IP Services chCompSUCommStr.7 public
chCompName.8 EMME Distributed LAN Monitor chCompSUCommStr.8 public
chCompName.9 EMME MIB Navigator chCompSUCommStr.9 public
chCompName.10 EMME RMON Default chCompSUCommStr.10 public
chCompName.11 EMME RMON Host chCompSUCommStr.11 public
chCompName.12 EMME RMON Capture chCompSUCommStr.12 public
chCompName.13 EMME Transparent Bridge chCompSUCommStr.13 public
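An added example, not part of the manual, that joins the two walks from section 5.2 by component index and reports which components still carry the default superuser community names stated in section 5.1 ("public", or "channelA", "channelB", ... for repeater groups). The function names, the status labels and the sample rows are assumptions constructed for illustration.

```python
import re

CH_COMP_NAME = "1.3.6.1.4.1.52.4.1.1.2.4.1.5"      # chCompName
CH_COMP_SU_COMM = "1.3.6.1.4.1.52.4.1.1.2.4.1.12"  # chCompSUCommStr

# Constructed samples in the CYCLE output layout of section 5.2
NAME_WALK = """\
1.3.6.1.4.1.52.4.1.1.2.4.1.5.1 16 str SEHI Chassis MGR
1.3.6.1.4.1.52.4.1.1.2.4.1.5.2 8 str SEHI LIM
1.3.6.1.4.1.52.4.1.1.2.4.1.5.3 12 str Repeater One
1.3.6.1.4.1.52.4.1.1.2.4.1.5.4 18 str SEHI Host Services
"""
SU_WALK = """\
1.3.6.1.4.1.52.4.1.1.2.4.1.12.1 6 str public
1.3.6.1.4.1.52.4.1.1.2.4.1.12.2 8 str n0c-7Qx2
1.3.6.1.4.1.52.4.1.1.2.4.1.12.3 8 str channelA
"""

# "<oid>.<index> <size> str <data>"; the last arc of the OID is the component index
LINE = re.compile(r"^([\d.]+)\.(\d+)\s+(\d+)\s+str\s(.*)$")
DEFAULT_REPEATER = re.compile(r"channel[A-Z]")


def column(walk_text, base_oid):
    """Return {component index: value} for the rows that sit under base_oid."""
    values = {}
    for line in walk_text.splitlines():
        m = LINE.match(line)
        if m and m.group(1) == base_oid:
            size = int(m.group(3))
            # SIZE gives the exact string length, so trailing screen padding is cut
            values[int(m.group(2))] = m.group(4)[:size]
    return values


def audit_communities(name_walk, su_walk):
    """Return (index, component name, status) for every active component.

    status is 'default', 'changed', or 'not-visible' when the walk returned no
    superuser row for that component (for example when the device was contacted
    with a read-write community name). The community string itself is not echoed.
    """
    names = column(name_walk, CH_COMP_NAME)
    communities = column(su_walk, CH_COMP_SU_COMM)
    report = []
    for index in sorted(names):
        community = communities.get(index)
        if community is None:
            status = "not-visible"
        elif community == "public" or DEFAULT_REPEATER.fullmatch(community):
            status = "default"
        else:
            status = "changed"
        report.append((index, names[index], status))
    return report


if __name__ == "__main__":
    for index, name, status in audit_communities(NAME_WALK, SU_WALK):
        print("%2d  %-20s %s" % (index, name, status))
```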