Behavior of Library Port 1 and Port 2 with LME

The LME configuration affects the behavior of library Port 1 and Port 2.

With library code 3.50 and above, you can configure Network Port 2 for library managed encryption (LME). Enabling LME on Port 2 changes the behavior of the ports. If you do not configure Port 2, the ports continue to function as before (with Port 1 sending UI, SNMP, and email alert (SMTP) traffic, and Port 2 reserved for service use).

Note:

If you plan to configure Port 2, use a different subnet and gateway than Port 1; otherwise, all traffic will go through Port 1.

Table 7-1 Port Configuration Options

| Configuration | Port 1 Settings | Port 2 Settings |
|---|---|---|
| LME enabled on Port 2 | Configured normally. Used for UI, SNMP, SMTP, SDP-2 traffic. | New address with different subnet and gateway than Port 1. Used for OKM traffic only and direct Service laptop connection. |
| LME enabled on Port 1 (Not recommended as key traffic will be mixed with other traffic.) | Configured normally. Used for UI, SNMP, SMTP, OKM traffic. | 192.168.10.10 (default). Used for SDP-2 traffic and direct Service laptop connection. |
| LME disabled with Port 2 unchanged | Configured normally. Used for UI, SNMP, SMTP traffic. | 192.168.10.10 (default). Used for SDP-2 traffic and direct Service laptop connection. |
| LME disabled with Port 2 altered (Leave Port 2 setting unchanged unless using it for LME.) | Configured normally. Used for UI, SNMP, SMTP traffic. | New address with different subnet and gateway than Port 1. Used for SDP-2 traffic and direct Service laptop connection. |

Port 1 Behavior with LME Enabled on Port 2

With Port 2 enabled for LME, Port 1 remains the primary port for customer management of the library, carrying UI, SNMP, and email alert (SMTP) traffic. In addition, Port 1 carries SDP-2 traffic. Because the library sends LME (OKM) traffic only through Port 2, the Oracle Service tool SDP-2 must be connected to Port 1 when LME is enabled on Port 2.

Port 2 Behavior with LME Enabled on Port 2

When Port 2 is configured for LME, the library sends all OKM communication through Port 2 (as long as you configure Port 1 and Port 2 on different subnets). A service representative can still connect directly to Port 2 for troubleshooting when the port is configured for LME, but must configure the laptop with a valid IP address on the same subnet as Port 2. If the OKM Cluster is on the same subnet as Port 2, access to Port 1 from any device on Port 2's subnet is restricted; connection to Port 1 is allowed only from outside the Port 2 subnet.
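
The following pre-deployment check is an added example, not part of the original documentation or any Oracle tool. It validates a planned LME-on-Port-2 addressing scheme against the subnet/gateway note and the Port 1 access restriction described above. The function name, the plan format, and all addresses are constructed for illustration.

```python
import ipaddress

def check_lme_port2_plan(port1, port2, okm_hosts, mgmt_hosts):
    """Return (code, detail) findings for a planned LME-on-Port-2 setup.

    port1/port2: {"cidr": "addr/prefix", "gateway": "addr"} (constructed format).
    okm_hosts: OKM cluster addresses; mgmt_hosts: hosts that need Port 1 (UI/SNMP).
    """
    findings = []
    if1 = ipaddress.ip_interface(port1["cidr"])
    if2 = ipaddress.ip_interface(port2["cidr"])
    gw1 = ipaddress.ip_address(port1["gateway"])
    gw2 = ipaddress.ip_address(port2["gateway"])

    # Page note: Port 2 needs a different subnet and gateway than Port 1,
    # otherwise all traffic (key traffic included) goes through Port 1.
    if if1.network.overlaps(if2.network):
        findings.append(("SAME_SUBNET", f"{if1.network} overlaps {if2.network}"))
    if gw1 == gw2:
        findings.append(("SAME_GATEWAY", str(gw1)))

    # General IP sanity check (an assumption, not stated on the page):
    # each gateway should sit inside its own port's subnet.
    for name, iface, gw in (("Port 1", if1, gw1), ("Port 2", if2, gw2)):
        if gw not in iface.network:
            findings.append(("GATEWAY_OFF_SUBNET", f"{name}: {gw} not in {iface.network}"))

    # Page: when the OKM cluster shares Port 2's subnet, devices on that
    # subnet are restricted from reaching Port 1.
    okm_on_port2 = any(ipaddress.ip_address(h) in if2.network for h in okm_hosts)
    if okm_on_port2:
        for host in mgmt_hosts:
            if ipaddress.ip_address(host) in if2.network:
                findings.append(("MGMT_BLOCKED", f"{host} is on Port 2's subnet"))
    return findings

# Constructed sample plans (addresses are illustrative only).
PORT1 = {"cidr": "10.20.1.15/24", "gateway": "10.20.1.1"}
PORT2_SEPARATE = {"cidr": "10.30.5.15/24", "gateway": "10.30.5.1"}
PORT2_SHARED = {"cidr": "10.20.1.16/24", "gateway": "10.20.1.1"}

if __name__ == "__main__":
    for label, p2, okm, mgmt in (
        ("separate subnets", PORT2_SEPARATE, ["10.30.5.21"], ["10.20.1.50"]),
        ("shared subnet", PORT2_SHARED, ["10.40.0.21"], ["10.20.1.50"]),
        ("mgmt host on Port 2 subnet", PORT2_SEPARATE, ["10.30.5.21"], ["10.30.5.60"]),
    ):
        print(label, check_lme_port2_plan(PORT1, p2, okm, mgmt))
```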