Ieee 802.1p, Snmp Security | Nortel Networks 10BASE-T instruction

Using the BayStack 410-24T 10BASE-T Switch

RADIUS-Based Network Security

The RADIUS-based security feature allows you to set up network access control, using the RADIUS (Remote Authentication Dial-In User Services) security protocol. The RADIUS-based security feature uses the RADIUS protocol to authenticate local console and TELNET logins.

You will need to set up specific user accounts (user names and passwords, and Service-Type attributes) on your RADIUS server before the authentication process can be initiated. To provide each user with appropriate levels of access to the switch, set the following username attributes on your RADIUS server:

•Read-write access -- Set the Service-Type field value to Administrative.

•Read-only access -- Set the Service-Type field value to NAS-Prompt.

For detailed instructions about setting up your RADIUS server, refer to your RADIUS server documentation.

For instructions on using the console interface (CI) to set up the RADIUS-based security feature, see “Console/Comm Port Configuration” on page 3-94.

SNMP Security

The SNMP security feature allows you to set up network access control using selective IP filtering. SNMP-based security limits administration access to the switch, based on IP address filters.

For instructions on using the console interface (CI) to set up SNMP security, see “TELNET/SNMP Manager List Configuration” on page 3-111.

IEEE 802.1p

The BayStack 410-24T switch can prioritize the order in which packets are forwarded, on a per-port basis.

For more information about the IEEE 802.1p prioritizing feature, see “IEEE 802.1p Prioritizing” on page 1-59.

1-16	309985-C Rev 00

Image 46

Nortel Networks 10BASE-T manual Ieee 802.1p, RADIUS-Based Network Security, Snmp Security

Contents

Using the BayStack 410-24T 10BASE-T Switch Statement of Conditions Copyright 2000 Nortel NetworksTrademarks USA Requirements Only Canada Requirements Only Japan/Nippon Requirements OnlyTaiwan Requirements EC Declaration of Conformity Nortel Networks NA Inc. Software License Agreement Rev Page Contents Viii Chapter Installing the BayStack 410-24T Switch Chapter Using the Console Interface Chapter Troubleshooting Appendix B Media Dependent Adapters Appendix D Connectors and Pin Assignments Page Figures Vlan Configuration Spanning Multiple Switches IP Configuration/Setup Screen Standalone Switch Figure B-1 Figure C-3 Page Tables 102 Preface Organization Switch View a sample BootP configuration fileAudience This guide has four chapters, six appendixes, and an index Text Conventions Acronyms Redundant power supply unit Remote Authentication Dial-In User ServicesReverse Address Resolution Protocol Media dependent adapter Related Publications How to Get Help Technical Solutions Center TelephonePage BayStack 410-24T Switch Description Front Panel Comm Port 10BASE-T Port Connectors Uplink/Expansion ModuleSlot Provides descriptions of the LEDs BayStack 410-24T Switch LED DescriptionsLED Display Panel Label Type Color State Meaning CAS Up Stack mode Off Switch is in standalone mode Green BayStack 410-24T Switch Back Panel Back Panel International Power Cord Specifications AC Power ReceptacleCountry/Plug description Specifications Typical plug Cascade Module Slot Rpsu ConnectorCooling Fans Features Telnet Introduction to the BayStack 410-24T Switch Virtual Local Area Networks VLANs BayStack 410-24T Switch Security Feature Security See MAC Address-Based Security on MAC Address-Based Security RADIUS-Based Network Security Ieee 802.1pSnmp Security Switch Software Image Igmp Snooping FeatureConfiguration and Switch Management Flash Memory Storage Configuration Parameters Autosensing and Autonegotiation Ieee 802.1Q VLANs MultiLink TrunkingPort Mirroring BootP Automatic IP Configuration/MAC Address Snmp Trap Support Trap Name Configurable Sent whenSnmp MIB Support Supported Snmp Traps Network Configuration Desktop Switch Application BayStack 410-24T Switch Used as a Desktop Switch Segment Switch Application BayStack 410-24T Switch Used as a Workgroup Switch High-Density Switched Workgroup Application Configuring Power Workgroups and a Shared Media Hub Fail-Safe Stack Application Fail-Safe Stack Example Stack Operation 10. Compatible Software Versions Using the BayStack 410-24T 10BASE-T Switch Unit Select Switch Cascade a Out ConnectorBayStack 400-ST1 Cascade Module Cascade a In Connector 12. Connecting Cascade Cables Base Unit Using the BayStack 410-24T 10BASE-T Switch Stack Configurations Stack Up Configurations Stack Down Configurations 14. Stack Down Configuration Example Redundant Cascade Stacking Feature 15. Redundant Cascade Stacking Feature Ieee 802.1Q Vlan Workgroups 16. Port-Based Vlan Example Ieee 802.1Q Tagging 17. Default Vlan Settings 18. Port-Based Vlan Assignment 20 .1Q Tag Assignment VLANs Spanning Multiple Switches VLANs Spanning Multiple 802.1Q Tagged Switches VLANs Spanning Multiple Untagged Switches 23. VLANs Spanning Multiple Untagged Switches 24. Possible Problems with VLANs and Spanning Tree Protocol Shared Servers 25. Multiple VLANs Sharing Resources 26. Vlan Broadcast Domains Within the Switch To configure the Vlan port membership for Vlan Default Vlan Configuration screen opens Figure To configure the Pvid port Vlan identifier for Port 28. Vlan Configuration Screen Example 29. Default Vlan Port Configuration Screen Example 30. Vlan Port Configuration Screen Example Vlan Workgroup Summary 31. Vlan Configuration Spanning Multiple Switches Vlan Configuration Rules Igmp Snooping 32. IP Multicast Propagation With Igmp Routing 33. BayStack 410-24T Switch Filtering IP Multicast Streams 1 34. BayStack 410-24T Switch Filtering IP Multicast Streams 2 Igmp Snooping Configuration Rules Ieee 802.1p Prioritizing 35. Prioritizing Packets 36. Port Transmit Queue To configure the port priority level, follow these steps Traffic Class Configuration screen opens Figure Vlan Port Configuration screen opens Figure 38. Setting Port Priority Example 39. Switch-to-Switch Trunk Configuration Example MultiLink Trunks Client/Server Configuration Using MultiLink Trunks 40. Switch-to-Server Trunk Configuration Example 41. Client/Server Configuration Example Trunk Configuration Screen for Switch S1 Trunk Configuration Screen ExamplesSetting Up the Trunk Configuration for S1 MultiLink Trunk Configuration screen opens Figure 43. MultiLink Trunk Configuration Screen for Switch S1 Using the BayStack 410-24T 10BASE-T Switch Trunk Configuration Screen for Switch S2 44. MultiLink Trunk Configuration Screen for Switch S2 Using the BayStack 410-24T 10BASE-T Switch Trunk Configuration Screen for Switch S3 45. MultiLink Trunk Configuration Screen for Switch S3 Using the BayStack 410-24T 10BASE-T Switch Trunk Configuration Screen for Switch S4 46. MultiLink Trunk Configuration Screen for Switch S4 Using the BayStack 410-24T 10BASE-T Switch Before Configuring Trunks MultiLink Trunking Configuration Rules Using the BayStack 410-24T 10BASE-T Switch 47. Loss of Distributed Trunk Members Spanning Tree Considerations for MultiLink Trunks 48. Path Cost Arbitration Example 49. Example 1 Correctly Configured Trunk 50. Example 2 Detecting a Misconfigured Port Additional Tips About the MultiLink Trunking Feature Port Mirroring Conversation Steering Port-Based Mirroring Configuration 51. Port-Based Mirroring Configuration Example Using the BayStack 410-24T 10BASE-T Switch Address-Based Mirroring Configuration 52. Port Mirroring Port-Based Screen Example 53. Address-Based Mirroring Configuration Example 54. Port Mirroring Address-Based Screen Example Port Mirroring Configuration Rules Installing the BayStack 410-24T Switch Installation Requirements Contents will be the same Installation Procedure Installing the BayStack 410-24T Switch on a Flat Surface Installing the BayStack 410-24T Switch in a Rack Positioning the Chassis in the Rack Attaching Mounting Brackets Attaching Devices to the BayStack 410-24T Switch Connecting 10BASE-T Ports and 10/100 MDA Ports BASE-T Port Connections Connecting Fiber Optic MDA Ports Fiber Optic Port Connections Console/Comm Port Connecting a Terminal to the Console/Comm Port To connect a terminal to the Console/Comm port Connecting Power BayStack 410-24T Switch AC Power Receptacle Grounded AC Power Outlet Power-Up Sequence Verifying the InstallationVerifying the Installation Using the LEDs Stage Description LED indication Verifying the Installation Using the Self-Test Screen Configuration includes an additional test Cascade Sram test 12. Nortel Networks Logo Screen Initial Setup Standalone Switch Setup 13. Main Menu for Standalone Switch 14. IP Configuration/Setup Screen Standalone Switch Stack Setup 15. Main Menu Standalone Switch Example 17. IP Configuration/Setup Screen Stack Configuration Installing the BayStack 410-24T Switch Page Chapter Using the Console Interface Using the CI Menus and Screens Navigating the CI Menus and Screens Screen Fields and Descriptions Map of Console Interface Screens Main Menu Console Interface Main Menu Describes the CI main menu options Console Interface Main Menu options Reset Configuration FileSave Current Settings Reset to Default OptionDescription Logout IP Configuration/Setup IP Configuration/Setup Screen Describes the IP Configuration/Setup screen fields IP Configuration/Setup Screen Fields IP Address to Choosing a BootP Request ModeFieldDescription Ping BootP Disabled BootP or Last Address BootP When Needed BootP Always Snmp Configuration Screen Fields Snmp ConfigurationDescribes the Snmp Configuration screen fields Field Description Read-Only Snmp Configuration Screen Fields System Characteristics Describes the System Characteristics screen fields System Characteristics Screen Fields System Characteristics Screen Fields Switch Configuration Describes the Switch Configuration Menu screen options Switch Configuration Menu Screen Options Switch Configuration Menu Screen Options MAC Address Table MAC Address Table Screen Field Description Aging Time Describes the MAC Address Table screen fieldsMAC Address Table Screen Fields Find an Address MAC Address-Based Security MAC Address Security Configuration Menu MAC Address Security Configuration MAC Address Security Configuration Menu Options MAC Address Security Configuration Screen SNMP-Locked MAC Address Security Configuration Screen FieldsField Description MAC Address Security Partition Time MAC Address Security Port Configuration 10. MAC Address Security Port Configuration Screen 1 11. MAC Address Security Port Configuration Screen 2 Port MAC Address Security Port Configuration Screen FieldsField Description Unit Trunk MAC Address Security Port Lists 12. MAC Address Security Port Lists Screens 5 Screens Field Description Entry MAC Address Security Port Lists Screen FieldsPort List Port List Syntax Removing a Port from an Existing Port Number List Adding a New Port to an Existing Port Number ListCopying an Existing Field into an Adjacent Field MAC Address Security Table 14. MAC Address Security Table Screens 16 Screens 15. MAC Address Security Table Screen Field Description Find an Address MAC Address Security Table Screen FieldsAllowed Source Vlan Configuration Menu 12 describes the Vlan Configuration Menu screen options 12. Vlan Configuration Menu Screen Options Vlan Configuration Vlan Configuration Screen Fields 13 describes the Vlan Configuration screen fieldsField Description Create Vlan Vlan Type Protocol Id PID Vlan State 13. Vlan Configuration Screen FieldsField Description User-defined PID Port Membership Predefined Protocol Identifier PID PID Name Encapsulation PID Value hex Vlan Type Reserved PIDs PID Value hex Comments Gigabit Ports and BayStack 410-24T Switch Ports Restriction Vlan Port Configuration Vlan Port Configuration Screen Fields 16 describes the Vlan Port Configuration screen fieldsFilter Tagged Frames 16. Vlan Port Configuration Screen Fields Vlan Display by Port 19. Vlan Display by Port Screen Traffic Class Configuration Traffic Class Configuration Screen Fields 18 describes the Traffic Class Configuration screen fieldsField Description User Priority Port Configuration Screen 1 Port ConfigurationRev 19 describes the Port Configuration screen fields Port Configuration Screen Fields Autonegotiation High Speed Flow Control ConfigurationLnkTrap Speed/Duplex1 23. High Speed Flow Control Configuration Screen 20. High Speed Flow Control Configuration Screen Fields Choosing a High Speed Flow Control Mode High Speed Flow Control Configuration Screen Fields Symmetric Mode MultiLink Trunk ConfigurationAsymmetric Mode Option Description MultiLink Trunk 21. MultiLink Trunk Configuration Menu Screen OptionsUtilization MultiLink Trunk Configuration Screen MultiLink Trunk Configuration Screen Fields Field Description Trunk MultiLink Trunk Configuration Screen Fields MultiLink Trunk Utilization Screen 26. MultiLink Trunk Utilization Screen 1 Traffic Type 23 describes the MultiLink Trunk Utilization screen fieldsMultiLink Trunk Utilization Screen Fields Unit/Port Field Description Last 5 Minutes Port Mirroring Configuration23. MultiLink Trunk Utilization Screen Fields Last 30 Minutes 24 describes the Port Mirroring Configuration screen fields 24. Port Mirroring Configuration Screen Fields Address a Field Description Monitor Unit/PortUnit/Port Y Address B Fields Description Port-based Monitoring ModesAddress-based Rate Limiting Configuration 29. Rate Limiting Configuration Screen 1 30. Rate Limiting Configuration Screen 2 Packet Type 26 describes the Rate Limiting Configuration screen fieldsRate Limiting Configuration Screen Fields Limit 27 describes the Igmp Configuration Menu screen options Igmp Configuration Menu27. Igmp Configuration Menu Screen Options Option Description Display Multicast Group Igmp ConfigurationMembership Igmp Configuration Screen Fields 28 describes the Igmp Configuration screen fieldsField Description Igmp Configuration Screen Fields Configuring Ports as Static Router Ports 28. Igmp Configuration Screen Fields Multicast Group Membership Multicast Group Membership Screen Options 29 describes the Multicast Group Membership screen optionsOption Description Port Statistics 34. Port Statistics Screen Gigabit MDA 30 describes the Port Statistics screen fieldsPort Statistics Screen Fields Port Statistics Screen Fields Single Collisions Pause Frames ATM Configuration Menu 35. ATM Configuration Menu Screen Before Configuring Your ATM MDA 31. ATM Configuration Menu Screen Options 31 describes the ATM Configuration Menu screen optionsLEC Configuration MDA Software 32 describes the LEC Configuration screen fields LEC Configuration Screen Fields LEC Configuration Screen Fields ATM MDA Configuration 32. LEC Configuration Screen Fields 33 describes the ATM MDA Configuration screen fields ATM MDA Configuration Screen Fields User Defined UNI Version ATM MDA Software Download Field Description PHY Type 34. ATM MDA Software Download Screen Fields 34 describes the ATM MDA Software Download screen fieldsTftp Server IP Address Using the Console Interface Console/Comm Port Configuration 35. Console/Comm Port Configuration Screen Fields Baud, 4800 Baud, 9600 Baud, 19200 Baud, 38400 Baud Telnet Switch FieldDescription Console SwitchPassword Type Console Stack Console Read-Only Switch PasswordField Description Telnet Stack Console Read-Write An Ascii string of up to 15 printable characters Any Ascii string of up to 15 printable characters Server Renumber Stack Units 40. Renumber Stack Units Screen 36 describes the Renumber Stack Units screen options 36. Renumber Stack Units Screen Options Spanning Tree Configuration Hardware Unit Information 37. Spanning Tree Configuration Menu Screen Options Return to Main Menu Spanning Tree Port Configuration 43. Spanning Tree Port Configuration Screen 1 44. Spanning Tree Port Configuration Screen 2 Spanning Tree Port Configuration Screen Fields Spanning Tree Port Configuration Screen Fields Display Spanning Tree Switch Settings 45. Spanning Tree Switch Settings Screen 39. Spanning Tree Switch Settings Parameters 39 describes the Spanning Tree Switch Settings parametersParameter Description Bridge Hello Parameter Description Forward DelayDelay Time TELNET/SNMP Manager List Configuration 46. TELNET/SNMP Manager List Configuration Screen 40. TELNET/SNMP Manager List Configuration Screen Fields Login Timeout Login Retries Inactivity Event Logging IP Address Field Description Allowed SourceMask Software Download 41 describes the Software Download screen fields 41. Software Download Screen Fields LED Indications During the Download Process New Image 42. LED Indications During the Software Download Process Phase Description LED IndicationsLink status LEDs ports 18 to 24 only The LEDs begin to Configuration File 48. Configuration File Download/Upload Screen Retrieve Configuration 43. Configuration File Download/Upload Screen FieldsCopy Configuration Image to Server Parameters Not Saved to the Configuration File These parameters are not saved Used in this screen See Display Event Log 49. Event Log Screen Excessive Bad Entries 50. Sample Event Log Entry Showing Excessive Bad Entries Flash Update Write Threshold Save Current Settings Reset 53. Self-Test Screen After Resetting the Switch 54. Nortel Networks Logo Screen Reset to Default Settings 55. Self-Test Screen After Resetting to Default Settings 129 57. Password Prompt Screen Logout Chapter Troubleshooting Interpreting the LEDs Troubleshooting Diagnosing and Correcting the Problem Symptom Probable cause Corrective action Normal Power-Up SequenceCorrective Actions Port Connection Problems See Port Connection Problems on Autonegotiation Modes Port Interface Software Download Error Codes Software Download Error CodesError code Description Corrective action Center Page Environmental Parameter Operating Specification Storage SpecificationParameter Specifications Electrical Performance Specifications Physical DimensionsNetwork Protocol and Standards Compatibility Interface Options Safety Agency CertificationData Rate Electromagnetic Emissions Electromagnetic Immunity Declaration of Conformity Appendix B Media Dependent Adapters Type Model/Description See 10BASE-T/100BASE-TX MDA Label Description 100BASE-FX MDAs Figure B-2 BASE-FX MDA Front Panels Table B-2 BASE-FX MDA Components Installing an MDA Figure B-3. Installing an MDA Replacing an MDA When replacing an installed MDARemove the AC power cord from the power source Loosen the thumbscrews and remove the MDAPage Appendix C Quick Steps to Features To learn more about See Configuring 802.1Q VLANs To create or modify an 802.1Q VLAN, follow the flowcharts Figure C-2. Configuring 802.1Q VLANs 2 Figure C-3. Configuring 802.1Q VLANs 3 Configuring the BayStack 450-2M3/2S3 MDAs Figure C-4. Configuring the BayStack 450-2M3/2S3 MDA 1 Figure C-5. Configuring the BayStack 450-2M3/2S3 MDA 2 Figure C-6. Configuring the BayStack 450-2M3/2S3 MDA 3 Configuring MultiLink Trunks Figure C-7. Configuring MultiLink Trunks Configuring Port Mirroring Figure C-8. Configuring Port Mirroring 1 Figure C-9. Configuring Port Mirroring 2 Configuring Igmp Snooping Figure C-10. Configuring Igmp Snooping 1 Figure C-11. Configuring Igmp Snooping 2 Figure C-12. Configuring Igmp Snooping 3 Page RJ-45 10BASE-T/100BASE-TX Port Connectors Figure D-1. RJ-45 8-Pin Modular Port Connector Pin Signal Description Table D-1 RJ-45 Port Connector Pin AssignmentsMDI and MDI-X Devices MDI-X to MDI Cable Connections Figure D-2. MDI-X to MDI Cable Connections MDI-X to MDI-X Cable Connections Figure D-3 MDI-X to MDI-X Cable Connections DB-9 RS-232-D Console/Comm Port Connector Table D-2 DB-9 Console/Comm Port Connector Pin AssignmentsPage Appendix E Default Settings Appears in this CI screen Field Default setting Using the BayStack 410-24T 10BASE-TSwitch Default Settings Using the BayStack 410-24T 10BASE-T Switch LEC Console Switch Password Type 40 on Using the BayStack 410-24T 10BASE-T Switch Appendix F Sample BootP Configuration File Using the BayStack 410-24T 10BASE-T Switch Index Index-2 Index-3 Index-4 Index-5 Index-6