Getting Started
893-00992-E
1-9
MAC Address-Based Security
The MAC address-based security feature allows you to set up network access
control, based on source MAC addresses of authorized stations. You can specify a
range of system responses to unauthorized access, which can range from sending
a trap to disabling the intruder port. You can create a list of up to 98 MAC
addresses and specify which addresses are authorized or not authorized to connect
to the switch. You can also specify which of the switch ports each MAC address is
allowed to access. The options for allowed port access include: NONE, ALL, and
single or multiple ports that are specified in a list, for example, 1-4, 6, 9, etc.
The MAC address-based Security feature is based on Nortel Networks BaySecure
LAN Access for Ethernet, a real-time security system that safeguards Ethernet
networks from unauthorized surveillance and intrusion. To learn more about the
Nortel Networks BaySecure LAN Access for Ethernet, refer to the Bay Networks
Guide to Implementing BaySecure LAN Access for Ethernet (Part number
345-1106A).
You can also specify optional actions to be exercised by the switch if the software
detects a security violation. The response can be to send a trap, turn on destination
address (DA) filtering, disable the specific port, or any combination of these three
options. For instructions on using the console interface (CI) to set up network
access control, see “MAC Address-Based Security” on page 3-26.
RADIUS-Based and SNMP Security
The RADIUS-based and SNMP security features allows you to set up network
access control, using the RADIUS (Remote Authentication Dial-In User Services)
security protocol and selective IP filtering. The RADIUS-based security feature
uses the RADIUS protocol to authenticate TELNET logins. SNMP-based security
limits administration access to the switch, based on IP address filters.
For instructions on using the console interface (CI) to set up the RADIUS-based
Security feature, see “Network Security” on page 3-77.
For instructions on using the console interface (CI) to set up SNMP Security , see
“TELNET Configuration” on page 3-68.
Note:
You must also include the MAC address of any router connected to any
secure ports.
To Next Page
Loading...
