3Com 5112M-TPLS - Manual

ONline 10BASE-T Security Module Installation and Operation Guide xiii How to Use This Guide This guide tells you how to install and operate the 3Com ONline™ 10BASE-T Security Module (referred throughout this guide as the Security Module) for the ONline System Concentrator. A configuration section is...

xiv ONline 10BASE-T Security Module Installation and Operation Guide Structure of This Guide This guide contains the following chapters: Chapter 1, Introduction – Introduces the principal features of the Security Module. Chapter 2, Designing and Expanding the Network – Explains examples of possible ...

ONline 10BASE-T Security Module Installation and Operation Guide xv Document Conventions The following document conventions are used in this manual: Convention Indicates Example Courier text User input In the Agent Information Form, enter MIS in the New Contact field. System output After pressing th...

xvi ONline 10BASE-T Security Module Installation and Operation Guide Related Documents This section provides information on supporting documentation, including: ❑ 3Com Documents ❑ Reference Documents Note: A Note . The information is important Note: Use STP lobe cables for your system. Caution: A Ca...

ONline 10BASE-T Security Module Installation and Operation Guide xvii 3Com Documents The following documents provide additional information on 3Com products: 17-Slot ONline System Concentrator Installation and Operation Guide – Explains how to install, operate, and manage the 3Com ONline 17-Slot Sys...

Introduction 1 - 1 1 Introduction This chapter describes the principle features of the ONline 10BASE-T Security Module. The ONline 10BASE-T Security Module The ONline 10BASE-T Security Module is a 12-port IEEE 802.3 repeater module that complies with the 10BASE-T standard. The module is designed for...

1 - 2 ONline 10BASE-T Security Module Installation and Operation Guide ❑ Features 'hot swap' capability so that you can install or remove the module without having to power down the concentrator In addition, the Security Module allows you to disable Link Integrity, which allows the module to be conn...

Introduction 1 - 3 Figure 1-1. ONline 10BASE-T Security Module Application ONline Management A master ONline Ethernet Management Module (EMM) at Version 4.0 is capable of managing the Security Module, including the Autolearning feature. A master ONline Token Ring Management Module (TRMM) at Version ...

2 - 2 ONline 10BASE-T Security Module Installation and Operation Guide Understanding the General Rules As part of your network design, it is important to consider your network size. For instance, is the network (end-to-end) 100 meters, 1000 meters, 4000 meters, or more? What are your plans for expan...

Designing and Expanding the Network 2 - 3 Table 2-1 outlines the seven basic rules to keep in mind when you construct your network. Table 2-1. Seven Basic Network Rules Rule Definition Recommendations/Notes 1 If possible, use 10BASE-FB as the backbone medium. Use 62.5 micron cable to conform with th...

2 - 6 ONline 10BASE-T Security Module Installation and Operation Guide LAN Equivalence LAN equivalence is the sum of both the incoming and outgoing module port signals. Different modules, however, have different equivalent distances. Table 2-2 lists the LAN product equivalent distances.. Table 2-2. ...

2 - 10 ONline 10BASE-T Security Module Installation and Operation Guide Do not exceed the distances as defined in Table 2-2 for the link from a Security Module to a 10BASE-T Transceiver. Twisted Pair Backbone, Twisted Pair To-The-Desk In constructing a twisted pair backbone, one additional configura...

Designing and Expanding the Network 2 - 11 Figure 2-2. Unshielded Twisted Pair Network While there is no fiber in the configuration in Figure 2-2, you can calculate the fiber equivalent distance as follows: Total link distance: 100 m + 100 m + 100 m + 50 m + 20 m = 370 m Total equivalent distance of...

2 - 12 ONline 10BASE-T Security Module Installation and Operation Guide In the example shown in Figure 2-2, if two patch panels were used between the top right PC and the top right concentrator, you would have to shorten the link distance of 100 meters to 90 meters. This is because the maximum allow...

3 - 2 ONline 10BASE-T Security Module Installation and Operation Guide Precautionary Procedures Electrostatic discharge (ESD) can damage static-sensitive devices on circuit boards. Follow these precautions when you handle the Security Module: ❑ Do not remove the board from its anti-static shielding ...

Installing and Operating the Module 3 - 5 Setting the Dip Switch The Security Module has one 4-switch DIP switch (SW1) located on the module. The functions of the DIP switch settings on the Security Module are ignored if a management module is already installed in the concentrator. For this reason, ...

3 - 6 ONline 10BASE-T Security Module Installation and Operation Guide Network selection switches 1 and 2 enable you to select a channel for the module. Switches 1 and 2 are factory set to On. Therefore, the Security Module is initially configured to network 1. To reconfigure the module to a differe...

3 - 8 ONline 10BASE-T Security Module Installation and Operation Guide Installing the Module You do not need to power down the ONline System Concentrator to install the Security Module. You can insert the module while the concentrator is operating (this is called a hot swap ). This section describes...

Installing and Operating the Module 3 - 13 The 50-pin Telco-type connector connects to 12 10BASE-T-compliant ports using a 12-leg hydra cable. This module can be attached using the 12-leg hydra cable to a patch panel or punch-down block, which provides connections for the 12 twisted pair ports. The ...

3 - 14 ONline 10BASE-T Security Module Installation and Operation Guide Port Enable You can enable or disable use of the 12 ports on the Security Module. When a port is enabled, it can transmit and receive data onto the network to which the module is assigned. 3Com recommends that you disable all un...

Installing and Operating the Module 3 - 15 If you set up redundancy between a secure port and a non-secure port (whether on a Security Module port or other module port), a warning message is displayed to terminal management. The warning informs you that this configuration has the potential to automa...

Installing and Operating the Module 3 - 17 Showing Module Configurations You can display status information about the Security Module using the following management commands: ❑ SHOW MODULE ❑ SHOW MODULE VERBOSE ❑ SHOW PORT ❑ SHOW PORT VERBOSE The following command displays detailed information about...

3 - 18 ONline 10BASE-T Security Module Installation and Operation Guide The following output is an example of the SHOW PORT ALL VERBOSE command issued for the ports of a Security Module installed in slot 12 (only the output for ports 1, 2, and 3 are shown): ONline> show port 12.all verbose [ENTER...

3 - 20 ONline 10BASE-T Security Module Installation and Operation Guide Table 3-4. Interpretation of the Security Module LEDs LED Name Color State Indicates Activity (Ports 1-12) yellow Off No packets are received on the segment. On Constant activity on the segment. Blinking Normal activity on the s...

Installing and Operating the Module 3 - 21 LED and Network Verification Once the module is installed, verify its operation through the front panel of the ONline Controller Module. The Controller Module is equipped with an LED test button on the front panel. Use the LED test button to verify LED oper...

4 - 2 ONline 10BASE-T Security Module Installation and Operation Guide Quick Reference for Configuring Security Table 4-1 outlines the steps necessary to configure the security features of your module. These procedures and command examples are explained further throughout this chapter. If you are fa...

4 - 4 ONline 10BASE-T Security Module Installation and Operation Guide Configuring Security Features This section describes the security features of the Security Module, including Eavesdropping Security and Intrusion Detection. Included in this section are the features you must configure to enable s...

Configuring Security Features 4 - 5 ❑ Allows the Security Module to deliver packets only to the end station to which a packet is addressed. ❑ Prohibits unauthorized end stations from listening (eavesdropping) on packets that are not specifically addressed to them. If a port receives a packet (from t...

4 - 6 ONline 10BASE-T Security Module Installation and Operation Guide address, the module forces a collision. The collision prevents intruding end stations from gaining access to a port and transmitting unauthorized data over the network. Figure 4-2 illustrates an example of an Intrusion Detection ...

Configuring Security Features 4 - 7 Security Mode is automatically enabled when you issue the SET SECURITY PORT SECURITY_TYPE command. Security Type is automatically configured to Full (which includes both Eavesdropping and Intrusion security) when you issue the SET SECURITY PORT MODE ENABLE command...

Configuring Security Features 4 - 9 Issue the following command to enable all the ports on the Security Module in slot 3. ONline> set port 3.all mode enable [ENTER] Configuring Autolearning Autolearning uses the network monitoring features of the EMM to provide a mechanism which: ❑ Learns the MAC...

Configuring Security Features 4 - 11 Defining a MAC Address Manually The Security Module provides you with the flexibility of manually adding MAC addresses into a port's MAC address table, and into the Autolearning Database. You may use this feature to add one or more MAC addresses to a port MAC add...

4 - 12 ONline 10BASE-T Security Module Installation and Operation Guide Downloading the Autolearning Database You must download the contents of the Autolearning database to the Security Module ports in order for the MAC Addresses to be associated with the ports. When Autolearning Capture is complete...

Configuring Security Features 4 - 13 Note: at least one autolearned address was skipped because the port with which it is associated has more than 4 autolearned addresses. If any MAC address was skipped because the concentrator limit was reached, the following message displays upon completion of the...

4 - 14 ONline 10BASE-T Security Module Installation and Operation Guide ❑ MAC addresses will not be Autolearned ❑ The port(s) will report an intrusion. (An intrusion is only reported if a port Action_on_intrusion setting is configured to either Disable_and_trap or Trap_only.) Saving Security Configu...

Configuring Security Features 4 - 15 Showing Port Configurations You can display information about the Security Module ports using the SHOW PORT SECURITY command. The following command displays: – All of the addresses (up to four per-port) for a single port or – All 12 ports on a Security Module or ...

Configuring Security Features 4 - 17 Showing Security Autolearn The SHOW SECURITY AUTOLEARN command displays all of the MAC addresses that have been learned and stored in the Autolearning database. Only entries for ports specified in the command are displayed. An additional message is provided if an...

4 - 18 ONline 10BASE-T Security Module Installation and Operation Guide A double asterisk (**) marks entries that have exceeded the EMM capacity of 360 MAC addresses, or the TRMM capacity of 400 MAC addresses. Entries that exceed the 360 or 400 MAC address maximum (that is, entry 361 and greater or ...

Configuring Security Features 4 - 19 The following command example displays a Security Intrusion list for a two-port 10BASE-FB Module. ONline> show security intruder_list [ENTER] Port MAC Address Time Since Intrusion Auto-Disable? 03.01 08-00-8f-02-c6-be 0d 0h 15m 27s YES 03.02 09-d3-74-00-2e-01 ...

4 - 20 ONline 10BASE-T Security Module Installation and Operation Guide Note: Security Mode is not disabled automatically when you delete a port's MAC address. Thus, a port may not have a MAC address associated with it yet still have security enabled . In this case, any end station attached to that ...

Configuring Security Features 4 - 21 Using 3Com MIB Security Variables This section lists the network management Security MIB (Management Information Base) variables and the ONline 10BASE-T Security Module MIB variables. EMM Security SNMP Variables The MIB variables for the EMM Security settings inc...

4 - 22 ONline 10BASE-T Security Module Installation and Operation Guide ❑ olNetSecurityMACStatus - Status associated with each port, which indicates if a valid (non-zero) MAC address is assigned to it. The possible values for this field are Valid and Invalid. Using the Security Module SNMP Variables...

Configuring Security Features 4 - 23 ❑ ol51nnMTPLSPortBuddyPort - The port index of the redundant port's buddy. ❑ ol51nnMTPLSPortLinkInteg - The link integrity configuration for this port. ❑ ol51nnMTPLSPortDipLinkInteg - The link integrity configuration for this port as indicated by the module DIP s...

Troubleshooting 5 - 1 5 Troubleshooting This chapter describes troubleshooting procedures for the ONline Security Module. Information on troubleshooting will assist you in verifying operation. Typical fault conditions are addressed in this chapter. Troubleshooting Diagnostic features have been cover...

5 - 2 ONline 10BASE-T Security Module Installation and Operation Guide Troubleshooting Using the Status LEDs A blinking Port Status indicator (LED) signals a problem with a port or a link connected to a port. Once a port detects a problem, you can further analyze the problem by counting the number o...

5 - 4 ONline 10BASE-T Security Module Installation and Operation Guide Troubleshooting Using the Activity LEDs Under some conditions a port Activity LED may not light. Use the troubleshooting suggestions in Table 5-2 to help determine why the light is off, and to isolate the source of the problem. T...

Troubleshooting 5 - 5 Technical Assistance You can receive assistance for installing and troubleshooting the Security Module by calling either your 3Com reseller or 3Com Technical Support. Be prepared to supply a representative with the following information: ❑ Description of the problem ❑ Steps you...

Specifications A - 1 A Specifications This appendix lists: ❑ Electrical Specifications ❑ Environmental Specifications ❑ Mechanical Specifications ❑ General Specifications ❑ 50-Pin Connector and Cable ❑ Twisted Pair Connectors and Cables Electrical Specifications Backplane Interface: 96-pin edge conn...

Specifications A - 3 Ethernet interface: 50-pin TELCO connector; supports 12 connections Number of ports: 12 Cabling: conforms to the 10BASE-T standard Cable differential impedance: 85 ohms to 115 ohms over 1 to 16 MHz band Cable propagation velocity: >.585c Host interface: 3Com ONline System Con...

A - 6 ONline 10BASE-T Security Module Installation and Operation Guide Twisted Pair Connectors and Cables You can use many types of cables and connectors to link your Security Module to your network. Use the information in this section to ensure that the cables and connecting hardware meet requireme...

Specifications A - 7 This section is divided into the following parts: ❑ Twisted Pair Connectors ❑ Twisted Pair Cables Twisted Pair Connectors Uset the IEEE 802.3 10BASE-T standard for RJ-45 pinouts as described below. 10BASE-T uses 2 of the 4 pairs of wire: pins 1 and 2 and pins 3 and 6. If the pai...

A - 8 ONline 10BASE-T Security Module Installation and Operation Guide Some installations may have 50-pin Telco connectors at the wiring closet. We recommend using a patch panel that converts from 50-pin to RJ45-type connectors. This allows direct connection to the Security Module in your ONline Sys...

Technical Support B - 1 B Technical Support 3Com provides easy access to technical support information through a variety of services. This appendix describes the following services: ❑ On-line Technical Support ❑ Support from Your Network Supplier ❑ Support from 3Com ❑ Returning Products for Repair ❑...

B - 2 ONline 10BASE-T Security Module Installation and Operation Guide Email Technical Support You can contact the Integrated Systems Division (formerly Chipcom) on the Internet for technical support using the e-mail address [email protected]. World Wide Web Site You can access the latest network...

Technical Support B - 3 When you contact your network supplier for assistance, have the following information ready: ❑ Diagnostic error messages ❑ A list of system hardware and software, including revision levels ❑ Details about recent configuration changes, if applicable If you are unable to contac...

Technical Support B - 5 3. Enter your full Internet e-mail address as the password (for example, [email protected] ). 4. Change to the mib or schema directory using the cd /pub/mibs or cd /pub/mibs/schemas command. 5. To view the 3Com MIB, OID, or schema entries, enter the dir command. ❑ To pause the...

Index 1 Index Numerics 10BASE-T Signalling Standard , 1-1 Transceivers , 2-8 3Com Bulletin Board Service (3ComBBS) , B-3 50-Pin Cable Pinouts and Port Assignments , A-5 50-Pin Connector , A-3 A Activity LEDs Troubleshooting With , 5-4 Audience of Manual , xiii Autolearning , 1-3, 4-8 Capture , 4-9 C...