needs enhancement — for example, banks, trading rooms or classroom training facilities. EAP supports client access to the network and interoperates with Microsoft Windows XP and other standards-based clients. Microsoft’s support for specific EAP types enables IEEE 802.1x to support authentication for multiple EAP types including EAP-PEAP, Non-EAP MAC (NEAP) and Multiple Host (MAC) Single Authentication (MHSA).

SNMPv3 provides user authentication and data encryption for higher security. It also offers secure configuration and monitoring.

IP Manager List limits access to the management features of the Ethernet Switch 470 to a defined list of IP addresses, providing greater network security and manageability.

The Ethernet Switch 470 features MAC address-based security, which allows authentication of all access, not only to the switches for management and configuration but also to the infrastructure through these switches. This software feature limits access to network-authorized and trusted personnel only, and includes full tracking of network connections. Network access is granted or denied based on MAC address identification (up to a maximum of 448 addresses). In addition, with the Distributed Access List Security feature, network access is granted or denied on a per-port basis. The Ethernet Switch 470 also provides RADIUS authentication for switch security management.

EAPOL Security Enhancements

EAP (Extensible Authentication Protocol) now supports two modes for authentication:
• Single Host with Single Authentication (SHSA) and Guest VLANs
• Multiple Host (MAC) with Multiple Authentication (MHMA) - EAP Clients only

SHSA allows only one device/user on a port to complete EAP Authentication. With MHMA, multiple devices, each with a different MAC address, are allowed on a port. Each device must complete EAP Authentication before the port allows traffic with the corresponding MAC address. This feature saves ports on the Power over Ethernet switch. For example, a laptop can be connected to an IP phone which in turn is connected to the switch and draws power from it (Figure 4).
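
The difference between the two modes can be shown with a small model of one port. This is an added illustration, not Nortel code or switch configuration; the class, function names and MAC addresses are constructed, Guest VLANs are not modelled, and refusing a second client under SHSA (rather than any other reaction the switch may have) is an assumption.

```python
from dataclasses import dataclass, field

# Constructed sample addresses (not from the datasheet).
PHONE, LAPTOP, ROGUE = "00:11:22:33:44:55", "00:AA:BB:CC:DD:EE", "02:00:00:00:00:99"

@dataclass
class EapPort:
    """Simplified model of one EAPOL-controlled switch port (hypothetical)."""
    mode: str                                    # "SHSA" or "MHMA"
    authorized: set = field(default_factory=set)

    def __post_init__(self):
        if self.mode not in ("SHSA", "MHMA"):
            raise ValueError(f"unknown EAP mode: {self.mode}")

    def eap_success(self, mac: str) -> bool:
        """Register a client that completed EAP; False if the mode refuses it."""
        mac = mac.lower()
        if self.mode == "SHSA" and self.authorized - {mac}:
            return False                         # assumption: extra client is refused
        self.authorized.add(mac)
        return True

    def admit(self, src_mac: str) -> bool:
        """Traffic is allowed only for a source MAC that has authenticated."""
        return src_mac.lower() in self.authorized

def daisy_chain(mode: str) -> dict:
    """IP phone on the port, laptop behind the phone, plus an unauthenticated MAC."""
    port = EapPort(mode)
    return {
        "phone_auth": port.eap_success(PHONE),
        "laptop_auth": port.eap_success(LAPTOP),
        "phone_frame": port.admit(PHONE),
        "laptop_frame": port.admit(LAPTOP),
        "rogue_frame": port.admit(ROGUE),        # never authenticated
    }

if __name__ == "__main__":
    for mode in ("SHSA", "MHMA"):
        print(mode, daisy_chain(mode))
```

In both modes the unauthenticated MAC is dropped; only MHMA lets the phone and the laptop share the port, and each still has to authenticate on its own.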

MAC Addresses

The Ethernet Switch 470 supports up to 16,000 MAC addresses per switch or stack, for deployment of large-scale, enterprise networks with many attached devices and workgroups, allowing for scalability and cost-effectiveness.

VLAN support

Up to 256 port-based VLANs can be configured per individual switch or per stack to extend the broadcast domain and segment network traffic. The 256 VLANs can be spread among port-based and MAC source address-based VLANs.

Protocol-based VLANs allow switch ports to be assigned to a VLAN based on the protocol information within the packet. These VLANs localize broadcast traffic and assure that the specified protocol type packets are sent only to the protocol-based VLAN ports.

Shared VLAN (SVL) and Independent VLAN Learning (IVL) are supported. With SVL support, all VLANs in the switch share the same forwarding database. IVL allows individual VLANs to have separate forwarding databases within the switch, and it allows the switch to handle duplicate MAC addresses if the addresses are in different VLANs.
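
Why IVL copes with duplicate MAC addresses and SVL does not comes down to the key of the forwarding database. The sketch below is an added illustration, not the switch's implementation; the class, the VLAN and port numbers and the MAC address are constructed, and the learning logic is a simplified model of a learning bridge.

```python
DUP_MAC = "00:11:22:33:44:55"      # constructed: same address seen in two VLANs

class ForwardingDB:
    """Simplified learning table (hypothetical model).

    SVL: one shared database, keyed by MAC only.
    IVL: a separate database per VLAN, modelled as a (VLAN, MAC) key.
    """
    def __init__(self, mode: str):
        if mode not in ("SVL", "IVL"):
            raise ValueError(f"unknown learning mode: {mode}")
        self.mode, self.table, self.moves = mode, {}, 0

    def _key(self, vlan: int, mac: str):
        mac = mac.lower()
        return mac if self.mode == "SVL" else (vlan, mac)

    def learn(self, vlan: int, mac: str, port: int) -> None:
        """Learn a source address; count every time an entry changes port."""
        key = self._key(vlan, mac)
        old = self.table.get(key)
        if old is not None and old != port:
            self.moves += 1        # address appears to "move" between ports
        self.table[key] = port

    def lookup(self, vlan: int, mac: str):
        return self.table.get(self._key(vlan, mac))

def duplicate_mac_demo(mode: str) -> dict:
    """The same MAC sends three frames each on VLAN 10/port 1 and VLAN 20/port 7."""
    db = ForwardingDB(mode)
    for _ in range(3):
        db.learn(10, DUP_MAC, 1)
        db.learn(20, DUP_MAC, 7)
    return {
        "vlan10_port": db.lookup(10, DUP_MAC),
        "vlan20_port": db.lookup(20, DUP_MAC),
        "entries": len(db.table),
        "moves": db.moves,
    }

if __name__ == "__main__":
    for mode in ("SVL", "IVL"):
        print(mode, duplicate_mac_demo(mode))
```

With the shared database the single entry keeps flipping between the two ports, so traffic for VLAN 10 ends up pointed at port 7. With independent learning each VLAN keeps its own stable entry.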

IGMP Snooping

The Ethernet Switch 470 features IP Multicast support by examining (‘snooping’) all Internet Group Multicast Protocol (IGMP) traffic in hardware at line rate, and pruning unwanted data streams so that they do not affect network or end-station performance.

Port Mirroring

The port mirroring feature (sometimes referred to as ‘conversation steering’) allows the network administrator to designate a single switch port as a traffic monitor for a specified port. Port mirroring copies packets flowing into a specified port and sends the replicated data to the mirrored port for in-depth analysis of switched traffic patterns to troubleshoot problems and optimize network configurations. Additionally, an external probe device can be attached to the designated monitor port.

Simplified Network Operations

The Ethernet Switch Software supports all four Ethernet Switch 470 models as well as the Ethernet Switch 460. The single image software simplifies network operations and provides the flexibility of stacking different switches in the same stack. Loading the image to different switches is also considerably simplified. The image is loaded only to the base unit of the stack, which automatically loads it to other switches in the stack.

Advanced Management

The Enterprise Switch Manager (ESM) performs configuration functions such as VLAN assignments, MLT and Multicast across multiple Nortel Ethernet switches. Business-level policies are enforced automatically across the network using the Enterprise Policy Manager (EPM) software. This software provides centralized control of advanced packet classification and the ability to priority mark, police, meter or block traffic. With the Enterprise Network Management System (ENMS), the network manager has quick access to the information required to manage and isolate all network events on the 470 switches.