Manuals / Nortel Networks / Computer Equipment / Switch

Nortel Networks 10BASE-T manual MAC Address-Based Security

Models: 10BASE-T

1 330

Download 330 pages 13.91 Kb

Page 45

Introduction to the BayStack 410-24T Switch

MAC Address-Based Security

The MAC address-based security feature allows you to set up network access control, based on source MAC addresses of authorized stations.

You can:

•Create a list of up to 448 MAC addresses and specify which addresses are authorized to connect to your switch or stack configuration. The 448 MAC addresses can be configured within a single standalone switch or they can be distributed in any order among the units in a single stack configuration.

•Specify which of your switch ports each MAC address is allowed to access.

The options for allowed port access include: NONE, ALL, and single or multiple ports that are specified in a list, for example, 1/1-4,1/6,2/9 (see “Port List Syntax” on page 3-34).

•Specify optional actions to be exercised by your switch if the software detects a security violation.

The response can be to send a trap, turn on destination address (DA) filtering, disable the specific port, or any combination of these three options.

For instructions on using the console interface (CI) to set up network access control, see “MAC Address-Based Security” on page 3-23.

The MAC address-based security feature is based on Nortel Networks BaySecure™ LAN Access for Ethernet, a real-time security system that safeguards Ethernet networks from unauthorized surveillance and intrusion.

To learn more about Nortel Networks BaySecure LAN Access for Ethernet, refer to the Bay Networks Guide to Implementing BaySecure LAN Access for Ethernet (Part number 345-1106A).

309985-C Rev 00

1-15

Image 45

Nortel Networks 10BASE-T manual MAC Address-Based Security

Contents

Using the BayStack 410-24T 10BASE-T Switch Trademarks Copyright 2000 Nortel NetworksStatement of Conditions USA Requirements OnlyTaiwan Requirements Japan/Nippon Requirements OnlyCanada Requirements Only EC Declaration of ConformityNortel Networks NA Inc. Software License Agreement Rev Page Contents Viii Chapter Installing the BayStack 410-24T Switch Chapter Using the Console Interface Chapter Troubleshooting Appendix B Media Dependent Adapters Appendix D Connectors and Pin Assignments Page Figures Vlan Configuration Spanning Multiple Switches IP Configuration/Setup Screen Standalone Switch Figure B-1 Figure C-3 Page Tables 102 Preface Audience Switch View a sample BootP configuration fileOrganization This guide has four chapters, six appendixes, and an indexText Conventions Acronyms Reverse Address Resolution Protocol Remote Authentication Dial-In User ServicesRedundant power supply unit Media dependent adapterRelated Publications Technical Solutions Center Telephone How to Get HelpPage Description BayStack 410-24T SwitchComm Port Front PanelUplink/Expansion ModuleSlot 10BASE-T Port ConnectorsLED Display Panel BayStack 410-24T Switch LED DescriptionsProvides descriptions of the LEDs Label Type Color State MeaningCAS Up Stack mode Off Switch is in standalone mode Green Back Panel BayStack 410-24T Switch Back PanelAC Power Receptacle International Power Cord SpecificationsCountry/Plug description Specifications Typical plug Rpsu Connector Cascade Module SlotCooling Fans Features Telnet Introduction to the BayStack 410-24T Switch Virtual Local Area Networks VLANs Security BayStack 410-24T Switch Security FeatureSee MAC Address-Based Security on MAC Address-Based Security Ieee 802.1p RADIUS-Based Network SecuritySnmp Security Configuration and Switch Management Igmp Snooping FeatureSwitch Software Image Flash Memory StorageAutosensing and Autonegotiation Configuration ParametersMultiLink Trunking Ieee 802.1Q VLANsPort Mirroring BootP Automatic IP Configuration/MAC Address Snmp MIB Support Trap Name Configurable Sent whenSnmp Trap Support Supported Snmp TrapsDesktop Switch Application Network ConfigurationBayStack 410-24T Switch Used as a Desktop Switch BayStack 410-24T Switch Used as a Workgroup Switch Segment Switch ApplicationConfiguring Power Workgroups and a Shared Media Hub High-Density Switched Workgroup ApplicationFail-Safe Stack Example Fail-Safe Stack Application10. Compatible Software Versions Stack OperationUsing the BayStack 410-24T 10BASE-T Switch Cascade a Out Connector Unit Select SwitchBayStack 400-ST1 Cascade Module 12. Connecting Cascade Cables Cascade a In ConnectorBase Unit Using the BayStack 410-24T 10BASE-T Switch Stack Configurations Stack Down Configurations Stack Up Configurations14. Stack Down Configuration Example Redundant Cascade Stacking Feature 15. Redundant Cascade Stacking Feature 16. Port-Based Vlan Example Ieee 802.1Q Vlan WorkgroupsIeee 802.1Q Tagging 17. Default Vlan Settings 18. Port-Based Vlan Assignment 20 .1Q Tag Assignment VLANs Spanning Multiple 802.1Q Tagged Switches VLANs Spanning Multiple Switches23. VLANs Spanning Multiple Untagged Switches VLANs Spanning Multiple Untagged Switches24. Possible Problems with VLANs and Spanning Tree Protocol 25. Multiple VLANs Sharing Resources Shared Servers26. Vlan Broadcast Domains Within the Switch Default Vlan Configuration screen opens Figure To configure the Vlan port membership for Vlan28. Vlan Configuration Screen Example To configure the Pvid port Vlan identifier for Port29. Default Vlan Port Configuration Screen Example Vlan Workgroup Summary 30. Vlan Port Configuration Screen Example31. Vlan Configuration Spanning Multiple Switches Vlan Configuration Rules Igmp Snooping 32. IP Multicast Propagation With Igmp Routing 33. BayStack 410-24T Switch Filtering IP Multicast Streams 1 34. BayStack 410-24T Switch Filtering IP Multicast Streams 2 Igmp Snooping Configuration Rules 35. Prioritizing Packets Ieee 802.1p Prioritizing36. Port Transmit Queue Traffic Class Configuration screen opens Figure To configure the port priority level, follow these steps38. Setting Port Priority Example Vlan Port Configuration screen opens FigureMultiLink Trunks 39. Switch-to-Switch Trunk Configuration Example40. Switch-to-Server Trunk Configuration Example Client/Server Configuration Using MultiLink Trunks41. Client/Server Configuration Example Trunk Configuration Screen Examples Trunk Configuration Screen for Switch S1Setting Up the Trunk Configuration for S1 43. MultiLink Trunk Configuration Screen for Switch S1 MultiLink Trunk Configuration screen opens FigureUsing the BayStack 410-24T 10BASE-T Switch 44. MultiLink Trunk Configuration Screen for Switch S2 Trunk Configuration Screen for Switch S2Using the BayStack 410-24T 10BASE-T Switch 45. MultiLink Trunk Configuration Screen for Switch S3 Trunk Configuration Screen for Switch S3Using the BayStack 410-24T 10BASE-T Switch 46. MultiLink Trunk Configuration Screen for Switch S4 Trunk Configuration Screen for Switch S4Using the BayStack 410-24T 10BASE-T Switch MultiLink Trunking Configuration Rules Before Configuring TrunksUsing the BayStack 410-24T 10BASE-T Switch 47. Loss of Distributed Trunk Members 48. Path Cost Arbitration Example Spanning Tree Considerations for MultiLink Trunks49. Example 1 Correctly Configured Trunk 50. Example 2 Detecting a Misconfigured Port Additional Tips About the MultiLink Trunking Feature Port Mirroring Conversation Steering 51. Port-Based Mirroring Configuration Example Port-Based Mirroring ConfigurationUsing the BayStack 410-24T 10BASE-T Switch 52. Port Mirroring Port-Based Screen Example Address-Based Mirroring Configuration53. Address-Based Mirroring Configuration Example 54. Port Mirroring Address-Based Screen Example Port Mirroring Configuration Rules Installation Requirements Installing the BayStack 410-24T SwitchContents will be the same Installing the BayStack 410-24T Switch on a Flat Surface Installation ProcedureInstalling the BayStack 410-24T Switch in a Rack Positioning the Chassis in the Rack Attaching Mounting Brackets Attaching Devices to the BayStack 410-24T Switch BASE-T Port Connections Connecting 10BASE-T Ports and 10/100 MDA PortsFiber Optic Port Connections Connecting Fiber Optic MDA PortsConsole/Comm Port To connect a terminal to the Console/Comm port Connecting a Terminal to the Console/Comm PortConnecting Power Grounded AC Power Outlet BayStack 410-24T Switch AC Power ReceptacleVerifying the Installation Using the LEDs Verifying the InstallationPower-Up Sequence Stage Description LED indicationConfiguration includes an additional test Cascade Sram test Verifying the Installation Using the Self-Test Screen12. Nortel Networks Logo Screen Standalone Switch Setup Initial Setup13. Main Menu for Standalone Switch 14. IP Configuration/Setup Screen Standalone Switch Stack Setup 15. Main Menu Standalone Switch Example 17. IP Configuration/Setup Screen Stack Configuration Installing the BayStack 410-24T Switch Page Chapter Using the Console Interface Navigating the CI Menus and Screens Using the CI Menus and ScreensMap of Console Interface Screens Screen Fields and DescriptionsConsole Interface Main Menu Main MenuConsole Interface Main Menu options Describes the CI main menu optionsSave Current Settings Configuration FileReset Reset to DefaultLogout OptionDescriptionIP Configuration/Setup Screen IP Configuration/SetupIP Configuration/Setup Screen Fields Describes the IP Configuration/Setup screen fieldsFieldDescription Choosing a BootP Request ModeIP Address to PingBootP or Last Address BootP DisabledBootP Always BootP When NeededDescribes the Snmp Configuration screen fields Snmp ConfigurationSnmp Configuration Screen Fields Field Description Read-OnlySnmp Configuration Screen Fields Describes the System Characteristics screen fields System CharacteristicsSystem Characteristics Screen Fields System Characteristics Screen Fields Describes the Switch Configuration Menu screen options Switch ConfigurationSwitch Configuration Menu Screen Options Switch Configuration Menu Screen Options MAC Address Table Screen MAC Address TableMAC Address Table Screen Fields Describes the MAC Address Table screen fieldsField Description Aging Time Find an AddressMAC Address-Based Security MAC Address Security Configuration Menu MAC Address Security Configuration Menu Options MAC Address Security ConfigurationMAC Address Security Configuration Screen Field Description MAC Address Security MAC Address Security Configuration Screen FieldsSNMP-Locked Partition TimeMAC Address Security Port Configuration 10. MAC Address Security Port Configuration Screen 1 11. MAC Address Security Port Configuration Screen 2 Field Description Unit MAC Address Security Port Configuration Screen FieldsPort Trunk12. MAC Address Security Port Lists Screens 5 Screens MAC Address Security Port ListsMAC Address Security Port Lists Screen Fields Field Description EntryPort List Port List Syntax Adding a New Port to an Existing Port Number List Removing a Port from an Existing Port Number ListCopying an Existing Field into an Adjacent Field 14. MAC Address Security Table Screens 16 Screens MAC Address Security Table15. MAC Address Security Table Screen MAC Address Security Table Screen Fields Field Description Find an AddressAllowed Source Vlan Configuration Menu 12. Vlan Configuration Menu Screen Options 12 describes the Vlan Configuration Menu screen optionsVlan Configuration 13 describes the Vlan Configuration screen fields Vlan Configuration Screen FieldsField Description Create Vlan Protocol Id PID Vlan TypeField Description User-defined PID 13. Vlan Configuration Screen FieldsVlan State Port MembershipPID Name Encapsulation PID Value hex Vlan Type Predefined Protocol Identifier PIDPID Value hex Comments Reserved PIDsVlan Port Configuration Gigabit Ports and BayStack 410-24T Switch Ports Restriction16 describes the Vlan Port Configuration screen fields Vlan Port Configuration Screen FieldsFilter Tagged Frames 16. Vlan Port Configuration Screen Fields 19. Vlan Display by Port Screen Vlan Display by PortTraffic Class Configuration 18 describes the Traffic Class Configuration screen fields Traffic Class Configuration Screen FieldsField Description User Priority Port Configuration Port Configuration Screen 1Rev Port Configuration Screen Fields 19 describes the Port Configuration screen fieldsLnkTrap High Speed Flow Control ConfigurationAutonegotiation Speed/Duplex120. High Speed Flow Control Configuration Screen Fields 23. High Speed Flow Control Configuration ScreenHigh Speed Flow Control Configuration Screen Fields Choosing a High Speed Flow Control ModeMultiLink Trunk Configuration Symmetric ModeAsymmetric Mode 21. MultiLink Trunk Configuration Menu Screen Options Option Description MultiLink TrunkUtilization MultiLink Trunk Configuration Screen Field Description Trunk MultiLink Trunk Configuration Screen FieldsMultiLink Trunk Utilization Screen MultiLink Trunk Configuration Screen Fields26. MultiLink Trunk Utilization Screen 1 MultiLink Trunk Utilization Screen Fields 23 describes the MultiLink Trunk Utilization screen fieldsTraffic Type Unit/Port23. MultiLink Trunk Utilization Screen Fields Port Mirroring ConfigurationField Description Last 5 Minutes Last 30 Minutes24. Port Mirroring Configuration Screen Fields 24 describes the Port Mirroring Configuration screen fieldsUnit/Port Y Field Description Monitor Unit/PortAddress a Address BMonitoring Modes Fields Description Port-basedAddress-based 29. Rate Limiting Configuration Screen 1 Rate Limiting Configuration30. Rate Limiting Configuration Screen 2 Rate Limiting Configuration Screen Fields 26 describes the Rate Limiting Configuration screen fieldsPacket Type LimitIgmp Configuration Menu 27 describes the Igmp Configuration Menu screen options27. Igmp Configuration Menu Screen Options Igmp Configuration Option Description Display Multicast GroupMembership 28 describes the Igmp Configuration screen fields Igmp Configuration Screen FieldsField Description Igmp Configuration Screen Fields 28. Igmp Configuration Screen Fields Configuring Ports as Static Router PortsMulticast Group Membership 29 describes the Multicast Group Membership screen options Multicast Group Membership Screen OptionsOption Description 34. Port Statistics Screen Port Statistics30 describes the Port Statistics screen fields Gigabit MDAPort Statistics Screen Fields Port Statistics Screen Fields Pause Frames Single Collisions35. ATM Configuration Menu Screen ATM Configuration MenuBefore Configuring Your ATM MDA LEC Configuration 31 describes the ATM Configuration Menu screen options31. ATM Configuration Menu Screen Options MDA SoftwareLEC Configuration Screen Fields 32 describes the LEC Configuration screen fieldsLEC Configuration Screen Fields 32. LEC Configuration Screen Fields ATM MDA ConfigurationATM MDA Configuration Screen Fields 33 describes the ATM MDA Configuration screen fieldsUNI Version User DefinedField Description PHY Type ATM MDA Software Download34 describes the ATM MDA Software Download screen fields 34. ATM MDA Software Download Screen FieldsTftp Server IP Address Using the Console Interface 35. Console/Comm Port Configuration Screen Fields Console/Comm Port ConfigurationBaud, 4800 Baud, 9600 Baud, 19200 Baud, 38400 Baud Password Type FieldDescription Console SwitchTelnet Switch Console StackField Description Telnet Stack Switch PasswordConsole Read-Only Console Read-WriteAn Ascii string of up to 15 printable characters Any Ascii string of up to 15 printable characters Server 40. Renumber Stack Units Screen Renumber Stack Units36. Renumber Stack Units Screen Options 36 describes the Renumber Stack Units screen optionsHardware Unit Information Spanning Tree ConfigurationReturn to Main Menu 37. Spanning Tree Configuration Menu Screen Options43. Spanning Tree Port Configuration Screen 1 Spanning Tree Port ConfigurationSpanning Tree Port Configuration Screen Fields 44. Spanning Tree Port Configuration Screen 2Spanning Tree Port Configuration Screen Fields 45. Spanning Tree Switch Settings Screen Display Spanning Tree Switch Settings39 describes the Spanning Tree Switch Settings parameters 39. Spanning Tree Switch Settings ParametersParameter Description Delay Parameter Description Forward DelayBridge Hello Time46. TELNET/SNMP Manager List Configuration Screen TELNET/SNMP Manager List ConfigurationLogin Timeout Login Retries Inactivity Event Logging 40. TELNET/SNMP Manager List Configuration Screen FieldsField Description Allowed Source IP AddressMask Software Download 41. Software Download Screen Fields 41 describes the Software Download screen fieldsNew Image LED Indications During the Download ProcessPhase Description LED Indications 42. LED Indications During the Software Download ProcessLink status LEDs ports 18 to 24 only The LEDs begin to 48. Configuration File Download/Upload Screen Configuration FileCopy Configuration 43. Configuration File Download/Upload Screen FieldsRetrieve Configuration Image to ServerThese parameters are not saved Used in this screen See Parameters Not Saved to the Configuration File49. Event Log Screen Display Event Log50. Sample Event Log Entry Showing Excessive Bad Entries Excessive Bad EntriesWrite Threshold Flash UpdateReset Save Current Settings53. Self-Test Screen After Resetting the Switch 54. Nortel Networks Logo Screen Reset to Default Settings 55. Self-Test Screen After Resetting to Default Settings 129 Logout 57. Password Prompt ScreenChapter Troubleshooting Interpreting the LEDs Troubleshooting Diagnosing and Correcting the Problem Normal Power-Up Sequence Symptom Probable cause Corrective actionCorrective Actions See Port Connection Problems on Port Connection ProblemsPort Interface Autonegotiation ModesSoftware Download Error Codes Software Download Error CodesError code Description Corrective action Center Page Parameter Specifications Parameter Operating Specification Storage SpecificationEnvironmental ElectricalPhysical Dimensions Performance SpecificationsNetwork Protocol and Standards Compatibility Data Rate Safety Agency CertificationInterface Options Electromagnetic EmissionsDeclaration of Conformity Electromagnetic ImmunityType Model/Description See Appendix B Media Dependent AdaptersLabel Description 10BASE-T/100BASE-TX MDA100BASE-FX MDAs Figure B-2 BASE-FX MDA Front Panels Table B-2 BASE-FX MDA Components Figure B-3. Installing an MDA Installing an MDARemove the AC power cord from the power source When replacing an installed MDAReplacing an MDA Loosen the thumbscrews and remove the MDAPage To learn more about See Appendix C Quick Steps to FeaturesTo create or modify an 802.1Q VLAN, follow the flowcharts Configuring 802.1Q VLANsFigure C-2. Configuring 802.1Q VLANs 2 Figure C-3. Configuring 802.1Q VLANs 3 Figure C-4. Configuring the BayStack 450-2M3/2S3 MDA 1 Configuring the BayStack 450-2M3/2S3 MDAsFigure C-5. Configuring the BayStack 450-2M3/2S3 MDA 2 Figure C-6. Configuring the BayStack 450-2M3/2S3 MDA 3 Figure C-7. Configuring MultiLink Trunks Configuring MultiLink TrunksFigure C-8. Configuring Port Mirroring 1 Configuring Port MirroringFigure C-9. Configuring Port Mirroring 2 Figure C-10. Configuring Igmp Snooping 1 Configuring Igmp SnoopingFigure C-11. Configuring Igmp Snooping 2 Figure C-12. Configuring Igmp Snooping 3 Page Figure D-1. RJ-45 8-Pin Modular Port Connector RJ-45 10BASE-T/100BASE-TX Port ConnectorsTable D-1 RJ-45 Port Connector Pin Assignments Pin Signal DescriptionMDI and MDI-X Devices Figure D-2. MDI-X to MDI Cable Connections MDI-X to MDI Cable ConnectionsFigure D-3 MDI-X to MDI-X Cable Connections MDI-X to MDI-X Cable ConnectionsTable D-2 DB-9 Console/Comm Port Connector Pin Assignments DB-9 RS-232-D Console/Comm Port ConnectorPage Appears in this CI screen Field Default setting Appendix E Default SettingsUsing the BayStack 410-24T 10BASE-TSwitch Default Settings Using the BayStack 410-24T 10BASE-T Switch LEC Console Switch Password Type 40 on Using the BayStack 410-24T 10BASE-T Switch Appendix F Sample BootP Configuration File Using the BayStack 410-24T 10BASE-T Switch Index Index-2 Index-3 Index-4 Index-5 Index-6