Nortel 2526T Guía Del Usuario
20
Using security in your network
•
Teachers’ offices and classrooms
The PCs that are located in the teachers’ offices and in the classrooms
are assigned MAC address-based security that is specific for each
classroom and office location. The security feature logically locks each
wall jack to the specified station and prevents unauthorized access to
the switch if someone attempts to connect a personal laptop PC into the
wall jack. The printer is assigned as a single station and is allowed
full bandwidth on that switch port.
are assigned MAC address-based security that is specific for each
classroom and office location. The security feature logically locks each
wall jack to the specified station and prevents unauthorized access to
the switch if someone attempts to connect a personal laptop PC into the
wall jack. The printer is assigned as a single station and is allowed
full bandwidth on that switch port.
It is assumed that all PCs are password protected and that the
classrooms and offices are physically secured.
classrooms and offices are physically secured.
•
Library
The wall jacks in the library are set up so that the PCs can be connected
to any wall jack in the room. With this arrangement, you can move
the PCs anywhere in the room. The exception is the printer, which is
assigned as a single station with full bandwidth to that port.
to any wall jack in the room. With this arrangement, you can move
the PCs anywhere in the room. The exception is the printer, which is
assigned as a single station with full bandwidth to that port.
It is assumed that all PCs are password protected and that access to
the library is physically secured.
the library is physically secured.
RADIUS-based network security
The RADIUS-based security feature lets you set up network access control
by using the Remote Authentication Dial-In User Services (RADIUS) security
protocol. The RADIUS-based security feature uses the RADIUS protocol to
authenticate local console, Telnet, SSH, and Web access login sessions.
by using the Remote Authentication Dial-In User Services (RADIUS) security
protocol. The RADIUS-based security feature uses the RADIUS protocol to
authenticate local console, Telnet, SSH, and Web access login sessions.
You need to set up specific user accounts (user names and passwords, and
Service-Type attributes) on your RADIUS server before you can initiate
the authentication process. These accounts provide you with appropriate
levels of access to the switch.
Service-Type attributes) on your RADIUS server before you can initiate
the authentication process. These accounts provide you with appropriate
levels of access to the switch.
Set the following username attributes on your RADIUS server:
•
Read-write access—set the Service-Type field value to Administrative.
•
Read-only access—set the Service-Type field value to NAS-Prompt.
For detailed instructions to set up your RADIUS server, see your RADIUS
server documentation.
server documentation.
RADIUS password fallback enhancement
With Release 4.1 software, you can configure RADIUS password fallback as
an option when using RADIUS authentication for login and password.
an option when using RADIUS authentication for login and password.
When RADIUS password fallback is enabled and the RADIUS server is
unavailable or unreachable, you can use the local switch password to log
on to the switch.
unavailable or unreachable, you can use the local switch password to log
on to the switch.
Nortel Ethernet Routing Switch 2500 Series
Security — Configuration and Management
NN47215-505 (323165-B)
02.01
Standard
4.1
19 November 2007
Copyright © 2007, Nortel Networks
.