| Donald,
The DECrepeater 900TM (DETMM) supports both intrusion protection
and eavesdrop security. Up to two authorized addresses can be
assigned to each repeater port. This is NOT designed to support
multiple independent stations connected to a single port. The
intent of allowing two addresses is to accommodate DECNET nodes
which initially use their hardware addresses (08-00-2B-12-34-56,
for example) while booting and then switch over to use their DECNET
addresses (AA-00-04-AB-CD-EF, for example).
With intrusion protection, if a packet received by a port has a
source address which does not match any of the port's authorized
addresses then the intrusion is logged and the port is (optionally)
disabled.
With eavesdrop security, packets with destination addresses not
equal to a port's authorized address are jammed/scrambled before
being transmitted out that port. While the DECrepeater 900TM
allows (up to) two authorized addresses to be assigned to any given
repeater port, only one such address is actively used at any given
time to enforce eavesdrop security.
The DECrepeater 900TM uses the following algorithm to select
which address in a given port's authorized address list to use when
enforcing eavesdrop security:
1. The authorized address which was most recently used by a station
transmitting into a given repeater port is used to enforce
eavesdrop security on that port.
2. If no packets from an authorized station have been received on a
given port then the most recent address added to the authorized
address list for that port is used to enforce eavesdrop security.
Regards,
Rich Pagliaro
|