RADIUS-Based Network Security | Nortel Networks 24T specs

Introduction to the BayStack 410-24T Switch

RADIUS-Based Network Security

The RADIUS-based security feature allows you to set up network access control, using the RADIUS (Remote Authentication Dial-In User Services) security protocol. The RADIUS-based security feature uses the RADIUS protocol to authenticate local console and TELNET logins.

You will need to set up specific user accounts (user names and passwords, and Service-Type attributes) on your RADIUS server before the authentication process can be initiated. To provide each user with appropriate levels of access to the switch, set the following username attributes on your RADIUS server:

•Read-write access -- Set the Service-Type field value to Administrative.

•Read-only access -- Set the Service-Type field value to NAS-Prompt.

For detailed instructions about setting up your RADIUS server, refer to your RADIUS server documentation.

For instructions on using the console interface (CI) to set up the Radius-based security feature, see “Console/Comm Port Configuration” on page 3-82.

MAC Address-Based Security

The MAC address-based security feature allows you to set up network access control, based on source MAC addresses of authorized stations.

You can:

•Create a list of up to 448 MAC addresses and specify which addresses are authorized to connect to your switch or stack configuration. The 448 MAC addresses can be configured within a single standalone switch or they can be distributed in any order among the units in a single stack configuration.

•Specify which of your switch ports each MAC address is allowed to access.

The options for allowed port access include: NONE, ALL, and single or multiple ports that are specified in a list, for example, 1/1-4,1/6,2/9 (see “Port List Syntax” on page 3-33).

•Specify optional actions to be exercised by your switch if the software detects a security violation.

The response can be to send a trap, turn on destination address (DA) filtering, disable the specific port, or any combination of these three options.

309985-B Rev 00

1-15

Image 43

Nortel Networks 24T manual RADIUS-Based Network Security, MAC Address-Based Security

Contents

Using the BayStack 410-24T 10BASE-T Switch USA Requirements Only Copyright 2000 Nortel NetworksTrademarks Statement of Conditions EC Declaration of Conformity Japan/Nippon Requirements OnlyTaiwan Requirements Canada Requirements Only Nortel Networks NA Inc. Software License Agreement Rev Page Contents Switch Software Image Configuration Parameters Chapter Installing the BayStack 410-24T Switch Chapter Using the Console Interface 102 Chapter Troubleshooting Appendix D Connectors and Pin Assignments Page Figures Xvi IP Configuration/Setup Screen Standalone Switch Figure B-1 Figure C-8. Configuring Igmp Snooping 2 Page Tables 100 Preface If you want to Go to Before You BeginOrganization This guide has four chapters, six appendixes, and an index Text Conventions Acronyms Related Publications Technical Solutions Center Telephone Number How to Get Help Description BayStack 410-24T Switch Comm Port Front Panel Uplink/Expansion Slot 10BASE-T Port Connectors Label Type Color State Meaning BayStack 410-24T Switch LED DescriptionsLED Display Panel Provides descriptions of the LEDs CAS Up Stack mode Off Switch is in standalone mode Green Back Panel BayStack 410-24T Switch Back Panel International Power Cord Specifications AC Power ReceptacleCountry/Plug description Specifications Typical plug Cascade Module Slot Rpsu ConnectorCooling Fans Features Telnet Introduction to the BayStack 410-24T Switch Virtual Local Area Networks VLANs Security BayStack 410-24T Switch Security Feature See MAC Address-Based Security on MAC Address-Based Security RADIUS-Based Network Security Configuration and Switch Management Igmp Snooping FeatureIeee 802.1p Configuration Parameters Switch Software ImageFlash Memory Storage MultiLink Trunking Autosensing and Autonegotiation Port Mirroring Ieee 802.1Q VLANs Stack software offset is Then the Stack MAC address becomes BootP Automatic IP Configuration/MAC Address Supported Snmp Traps Trap Name Configurable Sent whenSnmp MIB Support Snmp Trap Support Desktop Switch Application Network Configuration BayStack 410-24T Switch Used as a Desktop Switch BayStack 410-24T Switch Used as a workgroup Switch Segment Switch Application Configuring Power Workgroups and a Shared Media Hub High-Density Switched Workgroup Application Fail-Safe Stack Example Fail-Safe Stack Application BayStack 400-ST1 Cascade Module Stack Operation Unit Select Switch Cascade a Out ConnectorCascade a In Connector Base Unit Initial Installation Temporary Base Unit Stack MAC Address Removing a Unit from the Stack Stack Configurations Stack Down Configurations Stack Up Configurations 13. Stack Down Configuration Example Redundant Cascade Stacking Feature 14. Redundant Cascade Stacking Feature 15. Port-Based Vlan Example Ieee 802.1Q Vlan Workgroups Ieee 802.1Q Tagging 16. Default Vlan Settings 17. Port-Based Vlan Assignment 19 .1Q Tag Assignment VLANs Spanning Multiple 802.1Q Tagged Switches VLANs Spanning Multiple Switches 22. VLANs Spanning Multiple Untagged Switches VLANs Spanning Multiple Untagged Switches 23. Possible Problems with VLANs and Spanning Tree Protocol 24. Multiple VLANs Sharing Resources Shared Servers 25. Vlan Broadcast Domains Within the Switch Default Vlan Configuration screen opens Figure To configure the Vlan port membership for Vlan 27. Vlan Configuration Screen Example To configure the Pvid port Vlan identifier for Port 28. Default Vlan Port Configuration Screen Example Vlan Workgroup Summary 29. Vlan Port Configuration Screen Example 30. Vlan Configuration Spanning Multiple Switches Vlan Configuration Rules Igmp Snooping 31. IP Multicast Propagation With Igmp Routing 32. BayStack 410-24T Switch Filtering IP Multicast Streams 1 33. BayStack 410-24T Switch Filtering IP Multicast Streams 2 Igmp Snooping Configuration Rules 34. Prioritizing Packets Ieee 802.1p Prioritizing 35. Port Transmit Queue Traffic Class Configuration screen opens Figure To configure the port priority level, follow these steps 37. Setting Port Priority Example Vlan Port Configuration screen opens Figure MultiLink Trunks 38. Switch-to-Switch Trunk Configuration Example 39. Switch-to-Server Trunk Configuration Example Client/Server Configuration Using MultiLink Trunks 40. Client/Server Configuration Example Trunk Configuration Screen for Switch S1 Trunk Configuration Screen ExamplesSetting up the Trunk Configuration for S1 42. MultiLink Trunk Configuration Screen for Switch S1 MultiLink Trunk Configuration screen opens Figure Using the BayStack 410-24T 10BASE-T Switch 43. MultiLink Trunk Configuration Screen for Switch S2 Trunk Configuration Screen for Switch S2 Using the BayStack 410-24T 10BASE-T Switch 44. MultiLink Trunk Configuration Screen for Switch S3 Trunk Configuration Screen for Switch S3 Using the BayStack 410-24T 10BASE-T Switch 45. MultiLink Trunk Configuration Screen for Switch S4 Trunk Configuration Screen for Switch S4 Using the BayStack 410-24T 10BASE-T Switch MultiLink Trunking Configuration Rules Before Configuring Trunks Using the BayStack 410-24T 10BASE-T Switch 46. Loss of Distributed Trunk Members 47. Path Cost Arbitration Example Spanning Tree Considerations for MultiLink Trunks 48. Example 1 Correctly Configured Trunk 49. Example 2 Detecting a Misconfigured Port Additional Tips About the MultiLink Trunking Feature Port Mirroring Conversation Steering 50. Port-Based Mirroring Configuration Example Port-Based Mirroring Configuration Using the BayStack 410-24T 10BASE-T Switch 51. Port Mirroring Port-Based Screen Example Address-Based Mirroring Configuration 52. Address-Based Mirroring Configuration Example 53. Port Mirroring Address-Based Screen Example Port Mirroring Configuration Rules Installation Requirements Installing the BayStack 410-24T Switch Package Contents Installing the BayStack 410-24T Switch on a Flat Surface Installation Procedure Installing the BayStack 410-24T Switch in a Rack Positioning the Chassis in the Rack Attaching Mounting Brackets Attaching Devices to the BayStack 410-24T Switch BASE-T Port Connections Connecting 10BASE-T Ports and 10/100 MDA Ports Fiber Optic Port Connections Connecting Fiber Optic MDA Ports Console/Comm Port To connect a terminal to the Console/Comm port Connecting a Terminal to the Console/Comm Port Connecting Power Grounded AC Power Outlet BayStack 410-24T Switch AC Power Receptacle Stage Description LED indication Verifying the InstallationVerifying the Installation Using the LEDs Power-Up Sequence Configuration includes an additional test Cascade Sram test Verifying the Installation Using the Self-Test Screen 12. Nortel Networks Logo Screen Standalone Switch Setup Initial Setup 13. Main Menu 14. IP Configuration/Setup Screen Standalone Switch Stack Setup 15. Main Menu Standalone Switch Example 17. IP Configuration/Setup Screen Stack Configuration Installing the BayStack 410-24T Switch Page Accessing the CI Menus and Screens Chapter Using the Console Interface Navigating the CI Menus and Screens Using the CI Menus and Screens Map of Console Interface Screens Screen Fields and Descriptions Console Interface Main Menu Main Menu Console Interface Main Menu options Describes the CI main menu options Settings Configuration FileReset Reset to Default Logout OptionDescription Describes the IP Configuration/Setup screen fields IP Configuration/Setup IP Configuration/Setup Screen Fields FieldDescription Choosing a BootP Request ModeIP Address to Ping Start Ping BootP or Last Address BootP Disabled BootP Always BootP When Needed Field Description Read-Only Snmp ConfigurationDescribes the Snmp Configuration screen fields Snmp Configuration Screen Fields Snmp Configuration Screen Fields Describes the System Characteristics screen fields System Characteristics System Characteristics Screen Fields System Characteristics Screen Fields Describes the Switch Configuration Menu screen options Switch Configuration Switch Configuration Menu Screen Options Clear All Port Statistics Option Description Igmp ConfigurationMAC Address Table Display Port Statistics MAC Address Table Screen Fields Describes the MAC Address Table screen fieldsField Description Aging Time Field Description Find an Address MAC Address Security Configuration Menu MAC Address Security Configuration Menu Options MAC Address Security Configuration MAC Address Security Configuration Screen Partition Time MAC Address Security Configuration Screen FieldsField Description MAC Address Security SNMP-Locked MAC Address Security Configuration Screen Fields 10. MAC Address Security Port Configuration Screen 1 MAC Address Security Port Configuration 11. MAC Address Security Port Configuration Screen 2 Trunk MAC Address Security Port Configuration Screen FieldsField Description Unit Port 12. MAC Address Security Port Lists Screens 5 Screens MAC Address Security Port Lists Field Description Entry MAC Address Security Port Lists Screen FieldsPort List Port List Syntax Removing a Port from an Existing Port Number List Adding a New Port to an Existing Port Number ListCopying an Existing Field into an Adjacent Field 14. MAC Address Security Table Screens 16 Screens MAC Address Security Table 15. MAC Address Security Table Screen Allowed Source MAC Address Security Table Screen Fields Vlan Configuration Menu 12. Vlan Configuration Menu Screen Options 12 describes the Vlan Configuration Menu screen options Vlan Configuration Vlan Configuration Screen Fields 13 describes the Vlan Configuration screen fieldsField Description Create Vlan Vlan Configuration Screen Fields Port Membership 13. Vlan Configuration Screen FieldsField Description User-defined PID Vlan State PID Name Encapsulation PID Value hex Vlan Type Predefined Protocol Identifier PID PID Value hex Comments Reserved PIDs Vlan Port Configuration Gigabit Ports and BayStack 410-24T Switch Ports Restriction Vlan Port Configuration Screen Fields 16 describes the Vlan Port Configuration screen fieldsFilter Tagged Frames 16. Vlan Port Configuration Screen Fields 19. Vlan Display by Port Screen Vlan Display by Port VLANs Traffic Class Configuration17 describes the Vlan Display by Port screen fields Vlan Display by Port Screen Fields Traffic Class Configuration Screen Fields 18 describes the Traffic Class Configuration screen fieldsField Description User Priority Port Configuration Screen 1 Port Configuration Port Configuration Screen Fields 19 describes the Port Configuration screen fields Speed/Duplex1 High Speed Flow Control ConfigurationLnkTrap Autonegotiation 20. High Speed Flow Control Configuration Screen Fields 23. High Speed Flow Control Configuration Screen High Speed Flow Control Configuration Screen Fields Choosing a High Speed Flow Control Mode Asymmetric MultiLink Trunk Configuration Option Description MultiLink Trunk 21. MultiLink Trunk Configuration Menu Screen OptionsUtilization MultiLink Trunk Configuration Screen Field Description Trunk MultiLink Trunk Configuration Screen Fields MultiLink Trunk Utilization Screen MultiLink Trunk Configuration Screen Fields 26. MultiLink Trunk Utilization Screen 1 Unit/Port 23 describes the MultiLink Trunk Utilization screen fieldsMultiLink Trunk Utilization Screen Fields Traffic Type Last 30 Minutes Port Mirroring Configuration23. MultiLink Trunk Utilization Screen Fields Field Description Last 5 Minutes 24. Port Mirroring Configuration Screen Fields 24 describes the Port Mirroring Configuration screen fields Address B Field Description Monitor Unit/PortUnit/Port Y Address a Fields Description Port-based Monitoring ModesAddress-based 29. Rate Limiting Configuration Screen 1 Rate Limiting Configuration 30. Rate Limiting Configuration Screen 2 Limit 26 describes the Rate Limiting Configuration screen fieldsRate Limiting Configuration Screen Fields Packet Type 27 describes the Igmp Configuration Menu screen options Igmp Configuration Menu27. Igmp Configuration Menu Screen Options Option Description Display Multicast Group Igmp ConfigurationMembership Igmp Configuration Screen Fields 28 describes the Igmp Configuration screen fieldsField Description Igmp Configuration Screen Fields 28. Igmp Configuration Screen Fields Configuring Ports as Static Router Ports Multicast Group Membership Multicast Group Membership Screen Options 29 describes the Multicast Group Membership screen optionsOption Description 34. Port Statistics Screen Port Statistics Gigabit MDA 30 describes the Port Statistics screen fieldsPort Statistics Screen Fields Port Statistics Screen Fields Pause Frames Single Collisions 31. Console/Comm Port Configuration Screen Fields Console/Comm Port Configuration Baud, 4800 Baud, 9600 Baud, 19200 Baud, 38400 Baud Console Stack FieldDescription Console SwitchPassword Type Telnet Switch Console Read-Write Switch PasswordField Description Telnet Stack Console Read-Only An Ascii string of up to 15 printable characters Any Ascii string of up to 15 printable characters Server 36. Renumber Stack Units Screen Renumber Stack Units 32. Renumber Stack Units Screen Options 32 describes the Renumber Stack Units screen options Hardware Unit Information Spanning Tree Configuration 33. Spanning Tree Configuration Menu Screen Options 38. Spanning Tree Configuration Menu Screen 39. Spanning Tree Port Configuration Screen 1 Spanning Tree Port Configuration Spanning Tree Port Configuration Screen Fields 40. Spanning Tree Port Configuration Screen 2 Spanning Tree Port Configuration Screen Fields 41. Spanning Tree Switch Settings Screen Display Spanning Tree Switch Settings 35. Spanning Tree Switch Settings Parameters 35 describes the Spanning Tree Switch Settings parametersParameter Description Time Parameter Description Forward DelayDelay Bridge Hello 36 describes the Telnet Configuration screen fields Telnet Configuration Login Timeout Login Retries Inactivity Event Logging 36. Telnet Configuration Screen Fields Telnet Configuration Screen Fields Software Download 37. Software Download Screen Fields 37 describes the Software Download screen fields New Image LED Indications During the Download Process 38. LED Indications During the Software Download Process Phase Description LED IndicationsLink status LEDs ports 18 to 24 only The LEDs begin to 44. Configuration File Download/Upload Screen Configuration File Image to Server 39. Configuration File Download/Upload Screen FieldsCopy Configuration Retrieve Configuration These parameters are not saved Used in this screen See Parameters Not Saved to the Configuration File 45. Event Log Screen Display Event Log Write Threshold Excessive Bad Entries 47. Sample Event Log Entry Exceeding the Write Threshold Flash Update 49. Self-Test Screen After Resetting the Switch Reset 50. Nortel Networks Logo Screen Reset to Default Settings 51. Self-Test Screen After Resetting to Default Settings 116 Logout 53. Password Prompt ScreenPage Chapter Troubleshooting Interpreting the LEDs Troubleshooting Diagnosing and Correcting the Problem Symptom Probable cause Corrective action Normal Power-Up SequenceCorrective Actions See Port Connection Problems on Port Connection Problems Port Interface Autonegotiation Modes Software Download Error Codes Software Download Error CodesError code Description Corrective action Center Page Electrical Parameter Operating Specification Storage SpecificationParameter Specifications Environmental Performance Specifications Physical DimensionsNetwork Protocol and Standards Compatibility Electromagnetic Emissions Safety Agency CertificationData Rate Interface Options Declaration of Conformity Electromagnetic Immunity Type Model/Description See Appendix B Media Dependent Adapters Label Description 10BASE-T/100BASE-TX MDA 100BASE-FX MDAs Figure B-2 BASE-FX MDA Front Panels Table B-2 BASE-FX MDA Components Figure B-3. Installing an MDA Installing an MDA Replacing an MDA with a Different Model Remove the AC power cord from the power sourceLoosen the thumbscrews and remove the MDA Page To learn more about Refer to this section Appendix C Quick Steps to Features To create or modify an 802.1Q VLAN, follow the flowcharts Configuring 802.1Q VLANs Figure C-2. Configuring 802.1Q VLANs 2 Figure C-3. Configuring 802.1Q VLANs 3 Figure C-4. Configuring MultiLink Trunks Configuring MultiLink Trunks Figure C-5. Configuring Port Mirroring 1 Configuring Port Mirroring Figure C-6. Configuring Port Mirroring 2 Figure C-7. Configuring Igmp Snooping 1 Configuring Igmp Snooping Figure C-8. Configuring Igmp Snooping 2 Figure C-9. Configuring Igmp Snooping 3 Figure D-1. RJ-45 8-Pin Modular Port Connector RJ-45 10BASE-T/100BASE-TX Port Connectors Pin Signal Description Table D-1 RJ-45 Port Connector Pin AssignmentsMDI and MDI-X Devices Figure D-2. MDI-X to MDI Cable Connections MDI-X to MDI Cable Connections Figure D-3 MDI-X to MDI-X Cable Connections MDI-X to MDI-X Cable Connections Table D-2 DB-9 Console/Comm Port Connector Pin Assignments DB-9 RS-232-D Console/Comm Port ConnectorPage Appears in this CI screen Field Default setting Appendix E Default Settings Using the BayStack 410-24T 10BASE-TSwitch Default Settings Using the BayStack 410-24T 10BASE-T Switch Console Switch Password Type Appears in this CI screen Field Default setting For details about this field, see Page Appendix F Sample BootP Configuration File Using the BayStack 410-24T 10BASE-T Switch Index Index-2 Index-3 Index-4 Index-5 Index-6