Table of Contents
Advertisement
RADIUS-based network security
The RADIUS-based security feature allows you to set up network access control,
using the Remote Authentication Dial-In User Services (RADIUS) security
protocol. The RADIUS-based security feature uses the RADIUS protocol to
authenticate local console and Telnet logins.
You will need to set up specific user accounts (user names and passwords, and
Service-Type attributes) on your RADIUS server before the authentication
process can be initiated. To provide each user with appropriate levels of access to
the switch, set the following username attributes on your RADIUS server:
•
Read-write access—Set the Service-Type field value to Administrative.
•
Read-only access—Set the Service-Type field value to NAS-Prompt.
For detailed instructions to set up your RADIUS server, refer to your RADIUS
server documentation.
MAC address-based security
The MAC address-based security feature allows you to set up network access
control, based on source MAC addresses of authorized stations.
You can:
•
Create a list of up to 10 MAC destination addresses (DAs) that you want to
filter. All packets with the specified DAs are dropped. The packet with the
specified MAC DA will be dropped regardless of the ingress port, source
address (SA) intrusion, or VLAN membership.
This feature is available only with BPS2000 software version 2.0 and higher.
Also, this feature is unavailable on the BayStack 450 or 410 switches. In a
Hybrid stack, only the BPS 2000 will filter the specified MAC DAs.
Using the Business Policy Switch 2000 Version 2.0
78
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
