Manuals / Nortel Networks / Computer Equipment / Switch

Nortel Networks 10BASE-T manual See MAC Address-Based Security on

Models: 10BASE-T

1 330

Download 330 pages 13.91 Kb

Page 44

Using the BayStack 410-24T 10BASE-T Switch

In this configuration example, the following security measures are implemented:

•The switch

--MAC address-based security is used to allow up to 448 authorized stations (MAC addresses) access to one or more switch ports

(see “MAC Address-Based Security” on page 1-15).

--RADIUS-based security is used to limit administrative access through user authentication (see “RADIUS-Based Network Security” on page 1-16).

--SNMP-based security is used to limit administrative access through selective IP filtering (see “TELNET/SNMP Manager List Configuration” on page 3-111).

--The switch is located in a locked closet, accessible only by authorized Technical Services personnel.

•Student dormitory

Dormitory rooms are typically occupied by two students and have been prewired with two RJ-45 jacks. Only students who are authorized (as specified by the MAC address-based security feature) can access the switch on the secured ports.

•Teachers’ offices and classrooms

The PCs that are located in the teachers’ offices and in the classrooms are assigned MAC address-based security that is specific for each classroom and office location. The security feature logically locks each wall jack to the specified station and prevents unauthorized access to the switch should someone attempt to connect a personal laptop PC into the wall jack. The printer is assigned as a single station and is allowed full bandwidth on that switch port.

It is assumed that all PCs are password protected and that the classrooms and offices are physically secured.

•Library

The wall jacks in the library are set up so that the PCs can be connected to any wall jack in the room. This allows the PCs to be moved anywhere in the room. The exception is the printer, which is assigned as a single station with full bandwidth to that port.

It is assumed that all PCs are password protected and that access to the library is physically secured.

1-14	309985-C Rev 00

Image 44

Nortel Networks 10BASE-T manual See MAC Address-Based Security on

Contents

Using the BayStack 410-24T 10BASE-T Switch Copyright 2000 Nortel Networks TrademarksStatement of Conditions USA Requirements OnlyJapan/Nippon Requirements Only Taiwan RequirementsCanada Requirements Only EC Declaration of ConformityNortel Networks NA Inc. Software License Agreement Rev Page Contents Viii Chapter Installing the BayStack 410-24T Switch Chapter Using the Console Interface Chapter Troubleshooting Appendix B Media Dependent Adapters Appendix D Connectors and Pin Assignments Page Figures Vlan Configuration Spanning Multiple Switches IP Configuration/Setup Screen Standalone Switch Figure B-1 Figure C-3 Page Tables 102 Preface Switch View a sample BootP configuration file AudienceOrganization This guide has four chapters, six appendixes, and an indexText Conventions Acronyms Remote Authentication Dial-In User Services Reverse Address Resolution ProtocolRedundant power supply unit Media dependent adapterRelated Publications How to Get Help Technical Solutions Center TelephonePage BayStack 410-24T Switch DescriptionFront Panel Comm Port10BASE-T Port Connectors Uplink/Expansion ModuleSlotBayStack 410-24T Switch LED Descriptions LED Display PanelProvides descriptions of the LEDs Label Type Color State MeaningCAS Up Stack mode Off Switch is in standalone mode Green BayStack 410-24T Switch Back Panel Back PanelCountry/Plug description Specifications Typical plug AC Power ReceptacleInternational Power Cord Specifications Cooling Fans Rpsu ConnectorCascade Module Slot Features Telnet Introduction to the BayStack 410-24T Switch Virtual Local Area Networks VLANs BayStack 410-24T Switch Security Feature SecuritySee MAC Address-Based Security on MAC Address-Based Security Snmp Security Ieee 802.1pRADIUS-Based Network Security Igmp Snooping Feature Configuration and Switch ManagementSwitch Software Image Flash Memory StorageConfiguration Parameters Autosensing and AutonegotiationPort Mirroring MultiLink TrunkingIeee 802.1Q VLANs BootP Automatic IP Configuration/MAC Address Trap Name Configurable Sent when Snmp MIB SupportSnmp Trap Support Supported Snmp TrapsNetwork Configuration Desktop Switch ApplicationBayStack 410-24T Switch Used as a Desktop Switch Segment Switch Application BayStack 410-24T Switch Used as a Workgroup SwitchHigh-Density Switched Workgroup Application Configuring Power Workgroups and a Shared Media HubFail-Safe Stack Application Fail-Safe Stack ExampleStack Operation 10. Compatible Software VersionsUsing the BayStack 410-24T 10BASE-T Switch BayStack 400-ST1 Cascade Module Cascade a Out ConnectorUnit Select Switch Cascade a In Connector 12. Connecting Cascade CablesBase Unit Using the BayStack 410-24T 10BASE-T Switch Stack Configurations Stack Up Configurations Stack Down Configurations14. Stack Down Configuration Example Redundant Cascade Stacking Feature 15. Redundant Cascade Stacking Feature Ieee 802.1Q Vlan Workgroups 16. Port-Based Vlan ExampleIeee 802.1Q Tagging 17. Default Vlan Settings 18. Port-Based Vlan Assignment 20 .1Q Tag Assignment VLANs Spanning Multiple Switches VLANs Spanning Multiple 802.1Q Tagged SwitchesVLANs Spanning Multiple Untagged Switches 23. VLANs Spanning Multiple Untagged Switches24. Possible Problems with VLANs and Spanning Tree Protocol Shared Servers 25. Multiple VLANs Sharing Resources26. Vlan Broadcast Domains Within the Switch To configure the Vlan port membership for Vlan Default Vlan Configuration screen opens FigureTo configure the Pvid port Vlan identifier for Port 28. Vlan Configuration Screen Example29. Default Vlan Port Configuration Screen Example 30. Vlan Port Configuration Screen Example Vlan Workgroup Summary31. Vlan Configuration Spanning Multiple Switches Vlan Configuration Rules Igmp Snooping 32. IP Multicast Propagation With Igmp Routing 33. BayStack 410-24T Switch Filtering IP Multicast Streams 1 34. BayStack 410-24T Switch Filtering IP Multicast Streams 2 Igmp Snooping Configuration Rules Ieee 802.1p Prioritizing 35. Prioritizing Packets36. Port Transmit Queue To configure the port priority level, follow these steps Traffic Class Configuration screen opens FigureVlan Port Configuration screen opens Figure 38. Setting Port Priority Example39. Switch-to-Switch Trunk Configuration Example MultiLink TrunksClient/Server Configuration Using MultiLink Trunks 40. Switch-to-Server Trunk Configuration Example41. Client/Server Configuration Example Setting Up the Trunk Configuration for S1 Trunk Configuration Screen ExamplesTrunk Configuration Screen for Switch S1 MultiLink Trunk Configuration screen opens Figure 43. MultiLink Trunk Configuration Screen for Switch S1Using the BayStack 410-24T 10BASE-T Switch Trunk Configuration Screen for Switch S2 44. MultiLink Trunk Configuration Screen for Switch S2Using the BayStack 410-24T 10BASE-T Switch Trunk Configuration Screen for Switch S3 45. MultiLink Trunk Configuration Screen for Switch S3Using the BayStack 410-24T 10BASE-T Switch Trunk Configuration Screen for Switch S4 46. MultiLink Trunk Configuration Screen for Switch S4Using the BayStack 410-24T 10BASE-T Switch Before Configuring Trunks MultiLink Trunking Configuration RulesUsing the BayStack 410-24T 10BASE-T Switch 47. Loss of Distributed Trunk Members Spanning Tree Considerations for MultiLink Trunks 48. Path Cost Arbitration Example49. Example 1 Correctly Configured Trunk 50. Example 2 Detecting a Misconfigured Port Additional Tips About the MultiLink Trunking Feature Port Mirroring Conversation Steering Port-Based Mirroring Configuration 51. Port-Based Mirroring Configuration ExampleUsing the BayStack 410-24T 10BASE-T Switch Address-Based Mirroring Configuration 52. Port Mirroring Port-Based Screen Example53. Address-Based Mirroring Configuration Example 54. Port Mirroring Address-Based Screen Example Port Mirroring Configuration Rules Installing the BayStack 410-24T Switch Installation RequirementsContents will be the same Installation Procedure Installing the BayStack 410-24T Switch on a Flat SurfaceInstalling the BayStack 410-24T Switch in a Rack Positioning the Chassis in the Rack Attaching Mounting Brackets Attaching Devices to the BayStack 410-24T Switch Connecting 10BASE-T Ports and 10/100 MDA Ports BASE-T Port ConnectionsConnecting Fiber Optic MDA Ports Fiber Optic Port ConnectionsConsole/Comm Port Connecting a Terminal to the Console/Comm Port To connect a terminal to the Console/Comm portConnecting Power BayStack 410-24T Switch AC Power Receptacle Grounded AC Power OutletVerifying the Installation Verifying the Installation Using the LEDsPower-Up Sequence Stage Description LED indicationVerifying the Installation Using the Self-Test Screen Configuration includes an additional test Cascade Sram test12. Nortel Networks Logo Screen Initial Setup Standalone Switch Setup13. Main Menu for Standalone Switch 14. IP Configuration/Setup Screen Standalone Switch Stack Setup 15. Main Menu Standalone Switch Example 17. IP Configuration/Setup Screen Stack Configuration Installing the BayStack 410-24T Switch Page Chapter Using the Console Interface Using the CI Menus and Screens Navigating the CI Menus and ScreensScreen Fields and Descriptions Map of Console Interface ScreensMain Menu Console Interface Main MenuDescribes the CI main menu options Console Interface Main Menu optionsConfiguration File Save Current SettingsReset Reset to DefaultOptionDescription LogoutIP Configuration/Setup IP Configuration/Setup ScreenDescribes the IP Configuration/Setup screen fields IP Configuration/Setup Screen FieldsChoosing a BootP Request Mode FieldDescriptionIP Address to PingBootP Disabled BootP or Last AddressBootP When Needed BootP AlwaysSnmp Configuration Describes the Snmp Configuration screen fieldsSnmp Configuration Screen Fields Field Description Read-OnlySnmp Configuration Screen Fields System Characteristics Describes the System Characteristics screen fieldsSystem Characteristics Screen Fields System Characteristics Screen Fields Switch Configuration Describes the Switch Configuration Menu screen optionsSwitch Configuration Menu Screen Options Switch Configuration Menu Screen Options MAC Address Table MAC Address Table ScreenDescribes the MAC Address Table screen fields MAC Address Table Screen FieldsField Description Aging Time Find an AddressMAC Address-Based Security MAC Address Security Configuration Menu MAC Address Security Configuration MAC Address Security Configuration Menu OptionsMAC Address Security Configuration Screen MAC Address Security Configuration Screen Fields Field Description MAC Address SecuritySNMP-Locked Partition TimeMAC Address Security Port Configuration 10. MAC Address Security Port Configuration Screen 1 11. MAC Address Security Port Configuration Screen 2 MAC Address Security Port Configuration Screen Fields Field Description UnitPort TrunkMAC Address Security Port Lists 12. MAC Address Security Port Lists Screens 5 ScreensPort List MAC Address Security Port Lists Screen FieldsField Description Entry Port List Syntax Copying an Existing Field into an Adjacent Field Adding a New Port to an Existing Port Number ListRemoving a Port from an Existing Port Number List MAC Address Security Table 14. MAC Address Security Table Screens 16 Screens15. MAC Address Security Table Screen Allowed Source MAC Address Security Table Screen FieldsField Description Find an Address Vlan Configuration Menu 12 describes the Vlan Configuration Menu screen options 12. Vlan Configuration Menu Screen OptionsVlan Configuration Field Description Create Vlan 13 describes the Vlan Configuration screen fieldsVlan Configuration Screen Fields Vlan Type Protocol Id PID13. Vlan Configuration Screen Fields Field Description User-defined PIDVlan State Port MembershipPredefined Protocol Identifier PID PID Name Encapsulation PID Value hex Vlan TypeReserved PIDs PID Value hex CommentsGigabit Ports and BayStack 410-24T Switch Ports Restriction Vlan Port ConfigurationFilter Tagged Frames 16 describes the Vlan Port Configuration screen fieldsVlan Port Configuration Screen Fields 16. Vlan Port Configuration Screen Fields Vlan Display by Port 19. Vlan Display by Port ScreenTraffic Class Configuration Field Description User Priority 18 describes the Traffic Class Configuration screen fieldsTraffic Class Configuration Screen Fields Rev Port ConfigurationPort Configuration Screen 1 19 describes the Port Configuration screen fields Port Configuration Screen FieldsHigh Speed Flow Control Configuration LnkTrapAutonegotiation Speed/Duplex123. High Speed Flow Control Configuration Screen 20. High Speed Flow Control Configuration Screen FieldsChoosing a High Speed Flow Control Mode High Speed Flow Control Configuration Screen FieldsAsymmetric Mode MultiLink Trunk ConfigurationSymmetric Mode Utilization 21. MultiLink Trunk Configuration Menu Screen OptionsOption Description MultiLink Trunk MultiLink Trunk Configuration Screen MultiLink Trunk Configuration Screen Fields Field Description TrunkMultiLink Trunk Configuration Screen Fields MultiLink Trunk Utilization Screen26. MultiLink Trunk Utilization Screen 1 23 describes the MultiLink Trunk Utilization screen fields MultiLink Trunk Utilization Screen FieldsTraffic Type Unit/PortPort Mirroring Configuration 23. MultiLink Trunk Utilization Screen FieldsField Description Last 5 Minutes Last 30 Minutes24 describes the Port Mirroring Configuration screen fields 24. Port Mirroring Configuration Screen FieldsField Description Monitor Unit/Port Unit/Port YAddress a Address BAddress-based Monitoring ModesFields Description Port-based Rate Limiting Configuration 29. Rate Limiting Configuration Screen 130. Rate Limiting Configuration Screen 2 26 describes the Rate Limiting Configuration screen fields Rate Limiting Configuration Screen FieldsPacket Type Limit27. Igmp Configuration Menu Screen Options Igmp Configuration Menu27 describes the Igmp Configuration Menu screen options Membership Igmp ConfigurationOption Description Display Multicast Group Field Description 28 describes the Igmp Configuration screen fieldsIgmp Configuration Screen Fields Igmp Configuration Screen Fields Configuring Ports as Static Router Ports 28. Igmp Configuration Screen FieldsMulticast Group Membership Option Description 29 describes the Multicast Group Membership screen optionsMulticast Group Membership Screen Options Port Statistics 34. Port Statistics ScreenPort Statistics Screen Fields 30 describes the Port Statistics screen fieldsGigabit MDA Port Statistics Screen Fields Single Collisions Pause FramesATM Configuration Menu 35. ATM Configuration Menu ScreenBefore Configuring Your ATM MDA 31 describes the ATM Configuration Menu screen options LEC Configuration31. ATM Configuration Menu Screen Options MDA Software32 describes the LEC Configuration screen fields LEC Configuration Screen FieldsLEC Configuration Screen Fields ATM MDA Configuration 32. LEC Configuration Screen Fields33 describes the ATM MDA Configuration screen fields ATM MDA Configuration Screen FieldsUser Defined UNI VersionATM MDA Software Download Field Description PHY TypeTftp Server IP Address 34 describes the ATM MDA Software Download screen fields34. ATM MDA Software Download Screen Fields Using the Console Interface Console/Comm Port Configuration 35. Console/Comm Port Configuration Screen FieldsBaud, 4800 Baud, 9600 Baud, 19200 Baud, 38400 Baud FieldDescription Console Switch Password TypeTelnet Switch Console StackSwitch Password Field Description Telnet StackConsole Read-Only Console Read-WriteAn Ascii string of up to 15 printable characters Any Ascii string of up to 15 printable characters Server Renumber Stack Units 40. Renumber Stack Units Screen36 describes the Renumber Stack Units screen options 36. Renumber Stack Units Screen OptionsSpanning Tree Configuration Hardware Unit Information37. Spanning Tree Configuration Menu Screen Options Return to Main MenuSpanning Tree Port Configuration 43. Spanning Tree Port Configuration Screen 144. Spanning Tree Port Configuration Screen 2 Spanning Tree Port Configuration Screen FieldsSpanning Tree Port Configuration Screen Fields Display Spanning Tree Switch Settings 45. Spanning Tree Switch Settings ScreenParameter Description 39 describes the Spanning Tree Switch Settings parameters39. Spanning Tree Switch Settings Parameters Parameter Description Forward Delay DelayBridge Hello TimeTELNET/SNMP Manager List Configuration 46. TELNET/SNMP Manager List Configuration Screen40. TELNET/SNMP Manager List Configuration Screen Fields Login Timeout Login Retries Inactivity Event LoggingMask Field Description Allowed SourceIP Address Software Download 41 describes the Software Download screen fields 41. Software Download Screen FieldsLED Indications During the Download Process New ImageLink status LEDs ports 18 to 24 only The LEDs begin to Phase Description LED Indications42. LED Indications During the Software Download Process Configuration File 48. Configuration File Download/Upload Screen43. Configuration File Download/Upload Screen Fields Copy ConfigurationRetrieve Configuration Image to ServerParameters Not Saved to the Configuration File These parameters are not saved Used in this screen SeeDisplay Event Log 49. Event Log ScreenExcessive Bad Entries 50. Sample Event Log Entry Showing Excessive Bad EntriesFlash Update Write ThresholdSave Current Settings Reset53. Self-Test Screen After Resetting the Switch 54. Nortel Networks Logo Screen Reset to Default Settings 55. Self-Test Screen After Resetting to Default Settings 129 57. Password Prompt Screen LogoutChapter Troubleshooting Interpreting the LEDs Troubleshooting Diagnosing and Correcting the Problem Corrective Actions Normal Power-Up SequenceSymptom Probable cause Corrective action Port Connection Problems See Port Connection Problems onAutonegotiation Modes Port InterfaceError code Description Corrective action Software Download Error CodesSoftware Download Error Codes Center Page Parameter Operating Specification Storage Specification Parameter SpecificationsEnvironmental ElectricalNetwork Protocol and Standards Compatibility Physical DimensionsPerformance Specifications Safety Agency Certification Data RateInterface Options Electromagnetic EmissionsElectromagnetic Immunity Declaration of ConformityAppendix B Media Dependent Adapters Type Model/Description See10BASE-T/100BASE-TX MDA Label Description100BASE-FX MDAs Figure B-2 BASE-FX MDA Front Panels Table B-2 BASE-FX MDA Components Installing an MDA Figure B-3. Installing an MDAWhen replacing an installed MDA Remove the AC power cord from the power sourceReplacing an MDA Loosen the thumbscrews and remove the MDAPage Appendix C Quick Steps to Features To learn more about SeeConfiguring 802.1Q VLANs To create or modify an 802.1Q VLAN, follow the flowchartsFigure C-2. Configuring 802.1Q VLANs 2 Figure C-3. Configuring 802.1Q VLANs 3 Configuring the BayStack 450-2M3/2S3 MDAs Figure C-4. Configuring the BayStack 450-2M3/2S3 MDA 1Figure C-5. Configuring the BayStack 450-2M3/2S3 MDA 2 Figure C-6. Configuring the BayStack 450-2M3/2S3 MDA 3 Configuring MultiLink Trunks Figure C-7. Configuring MultiLink TrunksConfiguring Port Mirroring Figure C-8. Configuring Port Mirroring 1Figure C-9. Configuring Port Mirroring 2 Configuring Igmp Snooping Figure C-10. Configuring Igmp Snooping 1Figure C-11. Configuring Igmp Snooping 2 Figure C-12. Configuring Igmp Snooping 3 Page RJ-45 10BASE-T/100BASE-TX Port Connectors Figure D-1. RJ-45 8-Pin Modular Port ConnectorMDI and MDI-X Devices Table D-1 RJ-45 Port Connector Pin AssignmentsPin Signal Description MDI-X to MDI Cable Connections Figure D-2. MDI-X to MDI Cable ConnectionsMDI-X to MDI-X Cable Connections Figure D-3 MDI-X to MDI-X Cable ConnectionsDB-9 RS-232-D Console/Comm Port Connector Table D-2 DB-9 Console/Comm Port Connector Pin AssignmentsPage Appendix E Default Settings Appears in this CI screen Field Default settingUsing the BayStack 410-24T 10BASE-TSwitch Default Settings Using the BayStack 410-24T 10BASE-T Switch LEC Console Switch Password Type 40 on Using the BayStack 410-24T 10BASE-T Switch Appendix F Sample BootP Configuration File Using the BayStack 410-24T 10BASE-T Switch Index Index-2 Index-3 Index-4 Index-5 Index-6