Radius-based network security, Mac address-based security, Radius-based network – Nortel Networks 1000ASE-XD User Manual
Page 37
Chapter 1 BayStack 420 Switch
37
Using the BayStack 420 10/100/1000 Switch
RADIUS-based network security
The RADIUS-based security feature allows you to set up network access control,
using the RADIUS (Remote Authentication Dial-In User Services) security
protocol. The RADIUS-based security feature uses the RADIUS protocol to
authenticate local console and Telnet logins.
You will need to set up specific user accounts (user names and passwords, and
Service-Type attributes) on your RADIUS server before the authentication
process can be initiated. To provide each user with appropriate levels of access to
the switch, set the following username attributes on your RADIUS server:
•
Read-write access—Set the Service-Type field value to Administrative.
•
Read-only access—Set the Service-Type field value to NAS-Prompt.
For detailed instructions to set up your RADIUS server, refer to your RADIUS
server documentation.
For instructions to use the console interface (CI) to set up the RADIUS-based
security feature, see
Chapter 3, “Using the console interface,” on page 87
MAC address-based security
The MAC address-based security feature allows you to set up network access
control, based on source MAC addresses of authorized stations.
You can:
•
Create a list of up to 448 MAC addresses and specify which addresses are
authorized to connect to your switch or stack configuration. The 448 MAC
addresses can be configured within a single standalone switch, or they can be
distributed in any order among the units in a single stack configuration.
•
Specify which of your switch ports each MAC address is allowed to access.
The options for allowed port access include: NONE, ALL, and single or
multiple ports that are specified in a list, for example, 1/1-4,1/6,2/9 (see
” on
).
•
Specify optional actions to be exercised by your switch if the software detects
a security violation.