Nortel Networks 1000ASE-XD User Manual
Page 36
36
Chapter 1 BayStack 420 Switch
209418-A
In this configuration example, the following security measures are implemented:
•
The switch
— RADIUS-based security is used to limit administrative access to the
switch through user authentication (see
— MAC address-based security is used to allow up to 448 authorized
stations (MAC addresses) access to one or more switch ports
(see
“MAC address-based security” on page 37
).
— The switch is located in a locked closet, accessible only by authorized
Technical Services personnel.
•
Student dormitory
Dormitory rooms are typically occupied by two students and have been
prewired with two RJ-45 jacks. Only students who are authorized (as
specified by the MAC address-based security feature) can access the switch
on the secured ports.
•
Teachers’ offices and classrooms
The PCs that are located in the teachers’ offices and in the classrooms are
assigned MAC address-based security that is specific for each classroom and
office location. The security feature logically locks each wall jack to the
specified station and prevents unauthorized access to the switch should
someone attempt to connect a personal laptop PC into the wall jack. The
printer is assigned as a single station and is allowed full bandwidth on that
switch port.
It is assumed that all PCs are password protected and that the classrooms and
offices are physically secured.
•
Library
The wall jacks in the library are set up so that the PCs can be connected to any
wall jack in the room. This arrangement allows the PCs to be moved
anywhere in the room. The exception is the printer, which is assigned as a
single station with full bandwidth to that port.
It is assumed that all PCs are password protected and that access to the library
is physically secured.