Nortel business policy switch 2000 User Manual page 79

Note: Ensure that you do not enter the MAC address for the stack or any
of the units you are using.
• Create a list of up to 448 MAC source addresses (SAs) and specify which SAs
are authorized to connect to your switch or stack configuration. The 448 MAC
SAs can be configured within a single standalone switch, or they can be
distributed in any order among the units in a single stack configuration.
— Specify which of your switch ports each MAC SA is allowed to access.
The options for allowed port access include: NONE, ALL, and single or
multiple ports that are specified in a list, for example, 1/1-4,1/6,2/9.
— Specify optional actions to be exercised by your switch if the software
detects an SA security violation.
The response can be to send a trap, turn on destination address (DA)
filtering for the specified SAs, disable the specific port, or any
combination of these three options.
The MAC address-based security feature is based on Nortel Networks BaySecure
LAN Access for Ethernet, a real-time security system that safeguards Ethernet
networks from unauthorized surveillance and intrusion.
With software version 2.0, you can configure the BPS 2000 to drop all packets
with specified MAC destination addresses (DA). You can enter up to 10 specific
MAC DAs you want filtered.
For instructions on configuring the MAC address-based security feature, refer to
Chapter 3, Using Web-based Management for the Business Policy Switch 2000
Software Version 2.0, Reference for the Business Policy Switch 2000 Management
Software Version 2.0, and Reference for the Business Policy Switch 2000
Command Line Interface Software Version 2.0.
Note: You must use either the CLI or the Web-based management
system to configure MAC DA filtering.
Chapter 1 The Business Policy Switch 2000 79
Using the Business Policy Switch 2000 Version 2.0