Nortel Networks 1000ASE-XD, 1000BASE-SX RADIUS-based network security, MAC address-based security

Chapter 1 BayStack 420 Switch 37

RADIUS-based network security

The RADIUS-based security feature allows you to set up network access control, using the RADIUS (Remote Authentication Dial-In User Services) security protocol. The RADIUS-based security feature uses the RADIUS protocol to authenticate local console and Telnet logins.

You will need to set up specific user accounts (user names and passwords, and Service-Type attributes) on your RADIUS server before the authentication process can be initiated. To provide each user with appropriate levels of access to the switch, set the following username attributes on your RADIUS server:

•Read-write access—Set the Service-Type field value to Administrative.

•Read-only access—Set the Service-Type field value to NAS-Prompt.

For detailed instructions to set up your RADIUS server, refer to your RADIUS server documentation.

For instructions to use the console interface (CI) to set up the RADIUS-based security feature, see Chapter 3, “Using the console interface,” on page 87.

MAC address-based security

The MAC address-based security feature allows you to set up network access control, based on source MAC addresses of authorized stations.

You can:

•Create a list of up to 448 MAC addresses and specify which addresses are authorized to connect to your switch or stack configuration. The 448 MAC addresses can be configured within a single standalone switch, or they can be distributed in any order among the units in a single stack configuration.

•Specify which of your switch ports each MAC address is allowed to access.

The options for allowed port access include: NONE, ALL, and single or multiple ports that are specified in a list, for example, 1/1-4,1/6,2/9 (see “Port list syntax” on page 115).

•Specify optional actions to be exercised by your switch if the software detects a security violation.

Using the BayStack 420 10/100/1000 Switch