Behavior of Library Port 1 and Port 2 with LME
The LME configuration affects the behavior of library Port 1 and Port 2.
With library code 3.50 and above, you can configure Network Port 2 for library managed encryption (LME). Enabling LME on Port 2 changes the behavior of the ports. If you do not configure Port 2, the ports continue to behave as before: Port 1 carries UI, SNMP, and email alert (SMTP) traffic, and Port 2 is reserved for service use.
Note:
If you plan to configure Port 2, use a different subnet and gateway than Port 1; otherwise, all traffic will go through Port 1.
Table 7-1 Port Configuration Options
Configuration | Port 1 Settings | Port 2 Settings |
---|---|---|
LME enabled on Port 2 | Configured normally. Used for UI, SNMP, SMTP, SDP-2 traffic. | New address with different subnet and gateway than Port 1. Used for OKM traffic only and direct Service laptop connection. |
LME enabled on Port 1 (Not recommended as key traffic will be mixed with other traffic.) | Configured normally. Used for UI, SNMP, SMTP, OKM traffic. | 192.168.10.10 (default). Used for SDP-2 traffic and direct Service laptop connection. |
LME disabled with Port 2 unchanged | Configured normally. Used for UI, SNMP, SMTP traffic. | 192.168.10.10 (default). Used for SDP-2 traffic and direct Service laptop connection. |
LME disabled with Port 2 altered (Leave Port 2 setting unchanged unless using it for LME.) | Configured normally. Used for UI, SNMP, SMTP traffic. | New address with different subnet and gateway than Port 1. Used for SDP-2 traffic and direct Service laptop connection. |
Port 1 Behavior with LME Enabled on Port 2
With Port 2 enabled for LME, Port 1 continues to act as the primary port for managing the library, carrying UI, SNMP, and email alert (SMTP) traffic. In addition, Port 1 carries SDP-2 traffic. Because the library sends only LME (OKM) traffic through Port 2, the Oracle Service tool SDP-2 must be connected to Port 1 when LME is enabled on Port 2.
Port 2 Behavior with LME Enabled on Port 2
When Port 2 is configured for LME, the library sends all OKM communication through Port 2 (as long as you configure Port 1 and Port 2 on different subnets). A service representative can still connect directly to Port 2 for troubleshooting when the port is configured for LME. However, they must configure the laptop with a valid IP address on the same subnet as Port 2. If the OKM Cluster is on the same subnet as Port 2, then access to Port 1 from any device on Port 2’s subnet is restricted. Connection to Port 1 is only allowed from outside the Port 2 subnet.
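The following planning check is an added example, not part of the original documentation or any Oracle tool. It applies the subnet, gateway, service laptop, and Port 1 reachability rules described above to a proposed address plan; the function name `check_lme_plan`, its parameters, and all sample addresses are assumptions made for illustration.

```python
import ipaddress

def check_lme_plan(port1, gw1, port2, gw2, okm_nodes=(), laptop=None, mgmt_hosts=()):
    """Return findings for a planned layout; port1/port2 are CIDR strings."""
    p1 = ipaddress.ip_interface(port1)
    p2 = ipaddress.ip_interface(port2)
    findings = []

    # Note above: Port 2 needs a different subnet and gateway than Port 1,
    # otherwise all traffic goes through Port 1.
    if p1.network.overlaps(p2.network):
        findings.append("SUBNET: Port 2 overlaps Port 1's subnet; all traffic will use Port 1")
    if ipaddress.ip_address(gw1) == ipaddress.ip_address(gw2):
        findings.append("GATEWAY: Port 2 uses the same gateway as Port 1")

    # A directly connected service laptop needs an address on Port 2's subnet.
    if laptop is not None and ipaddress.ip_address(laptop) not in p2.network:
        findings.append(f"LAPTOP: {laptop} is not on Port 2's subnet {p2.network}")

    # If the OKM cluster is on Port 2's subnet, devices on that subnet
    # cannot reach Port 1, so management stations must live elsewhere.
    if any(ipaddress.ip_address(n) in p2.network for n in okm_nodes):
        for host in mgmt_hosts:
            if ipaddress.ip_address(host) in p2.network:
                findings.append(f"MGMT: {host} is on Port 2's subnet and cannot reach Port 1")
    return findings

# Constructed sample plan (addresses are illustrative, not from the page).
PLAN = dict(
    port1="10.20.0.15/24", gw1="10.20.0.1",
    port2="10.30.0.15/24", gw2="10.30.0.1",
    okm_nodes=["10.30.0.21", "10.30.0.22"],
    laptop="10.30.0.200",
    mgmt_hosts=["10.20.0.50", "10.30.0.77"],
)

if __name__ == "__main__":
    for line in check_lme_plan(**PLAN) or ["OK: plan matches the documented port rules"]:
        print(line)
```

In the sample plan, the management station placed on Port 2's subnet is flagged because the OKM cluster shares that subnet.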