Introduction to the BayStack 410-24T Switch

RADIUS-Based Network Security

The RADIUS-based security feature allows you to set up network access control, using the RADIUS (Remote Authentication Dial-In User Services) security protocol. The RADIUS-based security feature uses the RADIUS protocol to authenticate local console and TELNET logins.

You will need to set up specific user accounts (user names and passwords, and Service-Type attributes) on your RADIUS server before the authentication process can be initiated. To provide each user with appropriate levels of access to the switch, set the following username attributes on your RADIUS server:

Read-write access -- Set the Service-Type field value to Administrative.

Read-only access -- Set the Service-Type field value to NAS-Prompt.

For detailed instructions about setting up your RADIUS server, refer to your RADIUS server documentation.

For instructions on using the console interface (CI) to set up the Radius-based security feature, see “Console/Comm Port Configuration” on page 3-82.

MAC Address-Based Security

The MAC address-based security feature allows you to set up network access control, based on source MAC addresses of authorized stations.

You can:

Create a list of up to 448 MAC addresses and specify which addresses are authorized to connect to your switch or stack configuration. The 448 MAC addresses can be configured within a single standalone switch or they can be distributed in any order among the units in a single stack configuration.

Specify which of your switch ports each MAC address is allowed to access.

The options for allowed port access include: NONE, ALL, and single or multiple ports that are specified in a list, for example, 1/1-4,1/6,2/9 (see “Port List Syntax” on page 3-33).

Specify optional actions to be exercised by your switch if the software detects a security violation.

The response can be to send a trap, turn on destination address (DA) filtering, disable the specific port, or any combination of these three options.

309985-B Rev 00

1-15

Page 43
Image 43
Nortel Networks 24T manual RADIUS-Based Network Security, MAC Address-Based Security