Nortel Ethernet Switch 325-24G AL2012A46-E5 用户手册
产品代码
AL2012A46-E5
4
Port security
IEEE 802.1x
For added security, Ethernet Switch 325
models support the 802.1x-based secu-
rity feature EAP. Based on the IEEE
802.1x standard, EAP limits access to
the network based on user credentials. A
user is required to “login” to the network
using a username/password; the user
database is maintained on the authenti-
cation server (not the switch).
models support the 802.1x-based secu-
rity feature EAP. Based on the IEEE
802.1x standard, EAP limits access to
the network based on user credentials. A
user is required to “login” to the network
using a username/password; the user
database is maintained on the authenti-
cation server (not the switch).
EAP prevents network connectivity
without password authorization for
added security and control in physically
non-secure areas. It is used where the
network is not 100 percent physically
secure or where physical security needs
enhancement; for example, banks,
trading rooms or classroom training
facilities. EAP supports client access to
the network and interoperates with
Microsoft Windows XP and other
compliant 802.1x clients.
without password authorization for
added security and control in physically
non-secure areas. It is used where the
network is not 100 percent physically
secure or where physical security needs
enhancement; for example, banks,
trading rooms or classroom training
facilities. EAP supports client access to
the network and interoperates with
Microsoft Windows XP and other
compliant 802.1x clients.
MAC address-based security
BaySecure MAC address-based security
allows authentication of all access, not
only to the switches for management
and configurations, but also access to
the infrastructure through these switches.
This software feature limits access to
only network-authorized and trusted
personnel, including full tracking of
network connections. With BaySecure,
network access is granted or denied via
proper MAC address identification (up
to a maximum of 448).
allows authentication of all access, not
only to the switches for management
and configurations, but also access to
the infrastructure through these switches.
This software feature limits access to
only network-authorized and trusted
personnel, including full tracking of
network connections. With BaySecure,
network access is granted or denied via
proper MAC address identification (up
to a maximum of 448).
Destination Address
(DA) filtering
DA filtering allows the use of the MAC
address-based security feature (BaySecure)
to configure the switch to drop all
packets with specified MAC DAs. You
can enter up to 10 specific MAC DAs
you want filtered.
address-based security feature (BaySecure)
to configure the switch to drop all
packets with specified MAC DAs. You
can enter up to 10 specific MAC DAs
you want filtered.
Traffic management and QoS
802.1p priority queuing
802.1p priority queuing is standards-
based and enables priority to the order
in which the switch forwards packets on
a per-port basis. For example, if messages
from a specific segment are crucial to
the network, the switch port connected
to that segment can be set to a higher
priority level. Up to four queues can be
set on an Ethernet Switch 325 model
with IEEE 802.1p.
based and enables priority to the order
in which the switch forwards packets on
a per-port basis. For example, if messages
from a specific segment are crucial to
the network, the switch port connected
to that segment can be set to a higher
priority level. Up to four queues can be
set on an Ethernet Switch 325 model
with IEEE 802.1p.
DSCP recognition
This feature enables the possibility to
map the DiffServ Code Point (DSCP)
field within the ingressing IP frames to
one of the eight possible values of the
802.1p priorities.
map the DiffServ Code Point (DSCP)
field within the ingressing IP frames to
one of the eight possible values of the
802.1p priorities.
Broadcast Rate Limiting
Broadcast Rate Limiting allows you to
configure threshold limits on the switch
for either broadcast or multicast packets
ingressing on a port for a given time
interval (in packets per second). If the
configured threshold exceeds on a port,
the switch will drop extra packets
received. No SNMP trap or syslog is
generated in case of congestion.
configure threshold limits on the switch
for either broadcast or multicast packets
ingressing on a port for a given time
interval (in packets per second). If the
configured threshold exceeds on a port,
the switch will drop extra packets
received. No SNMP trap or syslog is
generated in case of congestion.
Switch management
Ethernet Switch Operating
System Software
Ethernet Switch Operating System
Software for Ethernet Switch 325 switches
is a single software image that is used
for both Ethernet Switch 325 models.
The Ethernet Switch Operating System
Software platform is supported across all
other Nortel switches for seamless inte-
gration into the network.
Software for Ethernet Switch 325 switches
is a single software image that is used
for both Ethernet Switch 325 models.
The Ethernet Switch Operating System
Software platform is supported across all
other Nortel switches for seamless inte-
gration into the network.
Username and password
authentication
The Ethernet Switch 325 provides local
switch management using username and
password authentication. The network
manager can assign Read Only or
Read/Write privileges to different users
for management access to the switch.
switch management using username and
password authentication. The network
manager can assign Read Only or
Read/Write privileges to different users
for management access to the switch.
Java Device Manager
The process of configuration begins
with a single device but finishes across
multiple devices. Java Device Manager is
the device configuration tool for those
functions that require communicating
with a single device. It uses a common
user interface and workflow that supports
many Nortel Ethernet switches. This
commonality allows the network manager
to become familiar with one tool instead
of multiple tools.
with a single device but finishes across
multiple devices. Java Device Manager is
the device configuration tool for those
functions that require communicating
with a single device. It uses a common
user interface and workflow that supports
many Nortel Ethernet switches. This
commonality allows the network manager
to become familiar with one tool instead
of multiple tools.
Secure Shell Access (SSH)
SSHv2 supports strong authentication
and encrypted communications. It allows
you to log into the switch from an SSH
client and perform a secure Telnet session
using CLI commands. This feature is
ideal for security-conscious customers
such as federal governments.
and encrypted communications. It allows
you to log into the switch from an SSH
client and perform a secure Telnet session
using CLI commands. This feature is
ideal for security-conscious customers
such as federal governments.
HTTP port number change
This feature allows you to specify the
UDP/TCP port number to be used for
Hypertext Transfer Protocol (HTTP)
switch connections. Beginning with
software release 3.5, you can configure
the HTTP port. This feature provides
enhanced security and network access.
UDP/TCP port number to be used for
Hypertext Transfer Protocol (HTTP)
switch connections. Beginning with
software release 3.5, you can configure
the HTTP port. This feature provides
enhanced security and network access.
Web Quick Start
The Web Quick Start feature allows the
administrator to set up basic configura-
tions on the switch using a single screen.
administrator to set up basic configura-
tions on the switch using a single screen.