Advanced management features
BootP and TFTP support allows centralized switch IP address assignment, software upgrades,
and SNMP agent updates over the network. The security feature uses the Remote
Authentication Dial-In User Services (RADIUS) protocol to authenticate local console and
TELNET logins.
Enhanced security
The BayStack 425 Switches offer security features including Secure Shell (SSH) version 2, IEEE
802.1x based security, [also known as Extensible Authentication Protocol (EAP)], assignment of
proper VLAN and priority, Simple Network Management Protocol (SNMPv3), MAC-address
based security, and RADIUS authentication.
SSHv2 supports strong authentication and encrypted communications. It allows a user
to log into the switch from an SSH client and perform a secure Telnet session using CLI
commands. This feature is ideal for security conscious customers such as federal governments.
For added security, BayStack 425 Switches support the 802.1x-based security feature EAP.
Based on the IEEE 802.1x standard, EAP limits access to the network based on user creden-
tials. A user is required to “login” to the network using a username/password; the user database
is maintained on the authentication server (not the switch).
EAP prevents network connectivity without password authorization for added security and
control in physically non-secure areas. It is used where the network is not 100 percent physi-
cally secure or where physical security needs enhancement—for example, banks, trading
rooms, or classroom training facilities. EAP supports client access to the network and inter-
operates with Microsoft
™
Windows XP and other compliant 802.1x clients.
SNMPv3 provides user authentication and data encryption for
higher security. It also offers secure configuration and monitoring.
BaySecure MAC-address based security allows authentication of
all access, not only to the switches for management and configura-
tions, but also access to the infrastructure through these switches.
This software feature limits access to only network authorized and
trusted personnel, including full tracking of network connections.
With BaySecure, network access is granted or denied via proper
MAC-address identification (up to a maximum of 448).
The RADIUS-based security feature allows you to set up network
access control using the RADIUS security protocol to authenti-
cate local console and Telnet logins.
Port mirroring
The port mirroring feature (sometimes referred to as ‘conversation steering’) allows the
network administrator to designate a single switch port as a traffic monitor for a specified port.
Port mirroring copies packets flowing into a specified port and sends the replicated data to the
mirrored port for in-depth analysis of switched traffic patterns to trouble-shoot problems and
optimize network configurations. Additionally, an external probe device can be attached to
the designated monitor port.
6
