Fips non-proprietary cryptographic module security policy 14 pages. Secure network access switch configuration — using tunnelguard system agent 44 pages. Fips non-proprietary cryptographic module security policy 16 pages. Nortel Networks Inc. Page 4 Software is provided will be free from defects in materials and workmanship under normal use for a period of 90 days from the date Software is first shipped to Licensee.
Nortel Networks will replace defective media at no charge if it is returned to Nortel Networks during the warranty period along with proof of the date of shipment. Page 5 Licensee will immediately destroy or return to Nortel Networks the Software, user manuals, and all copies. Nortel Networks is not liable to Licensee for damages in any form solely by reason of the termination of this license.
Export and Re-export. Licensee agrees not to export, directly or indirectly, the Software or related technical data or information without first obtaining any required export licenses or other governmental approvals.
Page 10 Verifying the Installation Page 11 Identify Unit Numbers Page 12 Save Current Settings Page 13 Operating Range B-4 Transmit Characteristics B-5 Receive Characteristics D-8 PHY D-8 Virtual Ports D-9 LEC Failover D Configuration Rules D Mixed Stack Configurations D Initial Configuration D Enabling a LEC Page 15 Figure BayStack Switch Versions BayStack Switch Front Panels BayStack Switch Back Panel Page 16 Figure Page 17 Figure Nortel Networks Logo Screen Main Menu for Standalone Switch Page 18 Figure Page 19 Figure Password Prompt Screen Page 20 Figure E E Figure E Configuring MultiLink Trunks Configuring Port Mirroring 1 of Page 21 Table International Power Cord Specifications Power-Up Sequence Console Interface Main Menu options Page 22 Table Spanning Tree Configuration Menu Options Spanning Tree Switch Settings Parameters Software Download Screen Fields Page 23 Table C C Table F F-2 Table F F-5 Table G G-1 D Rev 01 xxiii Installation instructions are included with each MDA see your Nortel Networks sales representative for ordering information.
Page Text Conventions Text Conventions This guide uses the following text conventions: bold text italic text screen text [Enter] [Ctrl]-C D Rev 01 Indicates command names and options and text that you need to enter. How to Get Help If you purchased a service contract for your Nortel Networks product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance.
Front Panel Figure shows the front-panel configurations for the three BayStack switch models. Note: The RJ port connectors on BayStack switches manufactured prior to December are numbered 1 to 12 and 13 to 24, in succession from left to right.
See Table for a description of the LEDs. Page 39 The switch failed the self-test. The switch is in standalone mode. Page Table The unit is on the ring but cannot participate in the stack configuration. The switch is configured as the stack base unit. The switch is not configured as the stack base unit or is in standalone mode. Blinking Stack configuration error: Indicates that multiple base units or no base units are configured in the stack.
Blinking The corresponding port has been disabled by software. Descriptions of the back-panel components follow the figure. Page 43 Table AA with four slots for power supply modules Order No.
Page Cooling Fans The variable-speed cooling fans not shown are located on one side of the BayStack switch to provide cooling for the internal components. When you install the switch, be sure to allow enough space on both sides of the switch for adequate air flow. Page 46 IEEE Page 50 Figure Page 51 PC into the wall jack. The printer is assigned as a single station and is allowed full bandwidth on that switch port.
It is assumed that all PCs are password protected and that the classrooms and offices are physically secured. EAP allows the exchange of authentication information between any end station or server connected to the switch and an authentication server such as a RADIUS server. New client PC Figure The supplicant can be any end station or server that is connected to the switch.
In the preceding example, the supplicant is the new client PC. Page Authentication Process The flowcharts shown in Figures and describe the authentication process. Login screen Authentication successful? Figure When the switch is participating in a stack configuration, a Stack MAC address is assigned automatically during the stack initialization. Page Network Configurations PCs , and servers to each other by connecting these devices directly to the switch, through a shared media hub that is connected to the switch, or by creating a virtual LAN VLAN through the switch.
Page Desktop Switch Application Desktop Switch Application Figure shows a BayStack T switch used as a desktop switch, where desktop workstations are connected directly to switch ports.
Page Segment Switch Application Segment Switch Application Figure shows a BayStack T switch used as a segment switch to alleviate user contention for bandwidth and eliminate server and network bottlenecks. See the Nortel Networks library Web page: www BayStack T When the Unit Select switch is in the Base up position, all other Unit Select switches in the stack configuration must be set to Off down.
Note: If you do not designate a Business Policy Switch as the base unit of a mixed stack configuration, the stack configuration will not operate. Page 76 assign another Business Policy Switch , if available until the failed unit is repaired or replaced. Page Stack Configurations As shown in Figure , the cascade connectors and cables on the ST1 front panel provide the ability to stack up to eight supported switches.
Page Stack Up Configurations Stack Up Configurations In Figure , data flows from the base unit unit 1 to the next switch, which is assigned as unit 2, and continues until the last switch in the stack is assigned as unit 8.
The physical order of the switches is from bottom to top unit 1 to unit 8. Page Figure For this reason, Nortel Networks recommends that you always configure the top unit in the stack as the base unit. Virtual Local Area Networks VLANs In a traditional shared-media network, traffic generated by a station is propagated to all other stations on the local segment. Page Supported Vlan Types Figure With network segmentation, each switch port connects to a segment that is a single broadcast domain.
When a switch port is configured to be a member of a VLAN, it is added to a group of ports workgroup that belong to one broadcast domain. You can assign different ports and therefore the devices attached to these ports to different broadcast domains. Page Ieee Untagged frames are marked tagged with this classification as they leave the switch through a port that is configured as a tagged port. The untagged packet remains unchanged as it leaves the switch through port 7, which is configured as an untagged member of VLAN 2.
The untagged packet remains unchanged as it leaves the switch through port 7, which is configured as an untagged member of VLAN 3. However, the tagged packet is stripped untagged as it leaves the switch through port 7, which is configured as an untagged member of VLAN 2. However, the configuration guidelines depend on whether both switches support In this configuration switch S2 does not support For this configuration to work properly, you must set spanning tree participation to Disabled the STP is not supported across multiple LANs.
With multiple links, only one link will be in the Forwarding state. In the above configuration, all of the switch ports are set to participate as VLAN port members.
This allows the switch to establish the appropriate broadcast domains within the switch see Figure Press Ctrl-R to return to previous menu. The connection to S2 requires only one link between the switches because S1 and S2 are both BayStack switches that support Page Igmp Snooping IP multicast router. After the pathway is established, the BayStack switch blocks the IP multicast stream from exiting any other port that does not connect to another host member, thus conserving bandwidth.
BayStack Switch Filtering IP Multicast Streams 1 of 2 Switch S1 treats the consolidated proxy reports from S2 and S4 as if they were reports from any client connected to its ports, and generates a consolidated proxy report to the designated router. The last reporting IGMP group member in The port transmit queue example shown in Figure applies to all ports on the BayStack switch. Page User priority Figure As shown in Figure , the switch provides two transmission queues, High and Low, for any given port.
This table is managed by using the Traffic Class Configuration screen Figure Default Traffic Class Configuration Screen Example To configure the port priority level, follow these steps: Determine the priority level you want to assign to the switch port. User priority levels are assigned default settings in all BayStack switches.
The range is from 0 to 7. The traffic class table can be modified; therefore, view the settings shown in the Traffic Class Configuration screen before setting the port priority in the VLAN Port Configuration screen. Setting Port Priority Example Select a priority level from the range shown in the Traffic Class Configuration screen or modify the Traffic Class parameters to suit your needs.
You can configure up to six MultiLink Trunks. As shown in this example, when traffic between switch-to-switch connections approaches single port bandwidth limitations, creating a MultiLink Trunk can supply the additional bandwidth required to improve the performance. Trunk members the ports making up each trunk do not have to be consecutive switch ports; you can select ports randomly, as shown by T5. Page Trunk Name indicates optional fields for assigning names to the corresponding configured trunks.
The names chosen for this example provide meaningful information to the user of this switch for example, S1:T1 to FS2 indicates that trunk 1, in switch S1, connects to file server 2. Both trunks connect directly to switch S1. The names chosen for this example provide meaningful information to the user of this switch for example, S2:T2 to S1 indicates that trunk 1, in switch S2, connects to switch 1. This trunk connects directly to switch S1.
The names chosen for this example provide meaningful information to the user of this switch for example, S3:T4 to S1 indicates that trunk 1, in switch S3, connects to switch 1. The names chosen for this example provide meaningful information to the user for example, S4:T5 to S1 indicates that trunk 1, in switch S4, connects to switch 1.
Page Before Configuring Trunks Before Configuring Trunks When you create and enable a trunk, the trunk members switch ports take on certain settings necessary for correct operation of the MultiLink Trunking feature. Example 1: Correctly Configured Trunk The switch can also detect trunk member ports that are physically misconfigured.
For example, in Figure , trunk member ports 2, 4, and 6 of switch S1 are configured correctly to trunk member ports 7, 9, and 11 of switch S2. The Spanning Tree Port Configuration screen for each switch shows the port state field for each port in the Forwarding state. For example, if you change spanning tree parameters for any trunk member, the spanning tree parameters for all trunk members change. Page Port Mirroring Conversation Steering Port Mirroring Conversation Steering The port mirroring feature sometimes referred to as conversation steering allows you to designate a single switch port as a traffic monitor for up to two specified ports or two media access control MAC addresses.
You can designate one of your switch ports to monitor traffic on any two specified switch ports port-based or to monitor traffic to or from any two specified addresses that the switch has learned address-based. Page Port-Based Mirroring Configuration Figure shows an example of a port-based mirroring configuration where port 23 is designated as the monitor port for ports 24 and 25 of switch S1.
Although this example shows ports 24 and 25 monitored by the monitor port port 23 , any of the trunk members of T1 and T2 can also be monitored. Page As shown in the Port Mirroring Configuration screen example Figure , port 23 is designated as the Monitor Port for ports 24 and 25 in switch S1.
Page Address-Based Mirroring Configuration Port Mirroring Port-Based Screen Example Address-Based Mirroring Configuration Figure shows an example of an address-based mirroring configuration where port 23, the designated monitor port for switch S1, is monitoring traffic occurring between address A and address B. Note: The screen data displayed at the bottom of the screen changes to show the new currently active port mirroring configuration after you press [Enter].
Page Port Mirroring Configuration Rules When you configure a port as a monitor port, the port is automatically disabled from participating in the spanning tree. When you reconfigure the port as a standard switch port no longer a monitor port , the port is enabled for spanning tree participation. Install the BayStack switch in a ventilated area that is dust free and away from heat vents, warm air exhaust from other equipment, and direct sunlight.
Avoid proximity to large electric motors or other electromagnetic equipment. Package Contents If any items are missing or damaged, contact the sales agent or the customer service representative from whom you purchased the BayStack switch. BayStack switch Page Installation Procedure This section provides the requirements and instructions for installing the BayStack switch on a flat surface or in a standard inch utility rack.
If you install the switch in a rack, ground the rack to the same grounding electrode used by the power service in the area. Page Installing The Baystack Switch In A Rack The BayStack switch can be mounted onto any appropriate flat, level surface that can safely support the weight of the switch and its attached cables, as long as there is adequate space around the unit for ventilation and access to cable connectors.
To install the BayStack switch in a rack, follow these steps: Determine how far you want the switch to protrude in front of the rack. Page You can install the switch flush to the rack or extended from the rack, depending on the orientation of the mounting brackets.
Using a Phillips screwdriver, attach a mounting bracket to each side of the switch using the supplied screws Figure As in conventional Ethernet repeater hubs, these ports connect via straight-through cables to the network interface card NIC in a node or server.
When connecting to an Ethernet hub or to another switch, you must use a crossover cable. Both products use MT-RJ port connectors with Connect the other end of the cable to a terminal or the serial connector of a personal computer running communications software. When you connect the AC power cord to a suitable AC power outlet, the switch powers up immediately.
Warning: Removal of the power cord is the only way to turn off power to this device. Page Verifying The Installation Verifying the Installation When power is applied to the switch, power-on self-tests run. You can verify proper operation of the BayStack switch by observing the front-panel LEDs or by viewing the self-test results as displayed in the BayStack switch Self-Test screen.
The results of the self-test are displayed briefly 5 or 10 seconds on the Self-Test screen, which is followed by the Nortel Networks Logo screen Figure Note: The Self-Test screen remains displayed only if the self-test detects a fatal error. Upon successful completion of the power-up self-tests, the switch is ready for normal operation.
SNMP Configuration System Characteristics Switch Configuration Enter the default gateway address in the Default Gateway field, and then press [Enter]. Alternatively, you can press the key corresponding to the underlined letter in the option name.
For example, to select the Switch Configuration option in the main menu, press the w key. Note that the text characters are not case-sensitive.
Map of Console Interface Screens The CI screens for your specific switch model will show the correct model name in the main menu title and the correct number of ports and port types in the Port Configuration screen.
Page Main Menu Note: Some menu options shown in this main menu example and in other screen examples in this chapter may not appear on your screen, depending on the switch options installed. However, the full menu options are shown in the screen examples and described in the following sections.
This screen also contains three user-configurable fields: sysContact, sysName, and sysLocation. When the switch is part of a stack configuration, this screen also displays the base unit identification, the number of units configured in the stack, and the local unit stack number.
You can set your switch to enable a user at a remote console terminal to communicate with the BayStack switch as if the console terminal were directly connected to it.
Page Enter Yes to reset the switch to the factory default configuration settings; enter No to abort the option. If the switch is participating in a stack configuration, additional prompts allow you to reset a specific unit in the stack or the entire stack.
Data that you enter in the user-configurable fields takes effect as soon as you press [Enter]. This field is not required for the IP Address operation of the stack. This field cannot use the same IP address used for the stack. Page Bootp Disabled The switch can be managed only by using the in-band IP address set from the console terminal. These actions take effect after the switch is reset or power cycled, even if an IP address is not currently in use. If the row status is set to Ignore, the fields appear to be set when viewed from the console terminal; System Characteristics Screen Fields When the unit is part of a stack configuration, the read-only field indicates the unit is operational in a stack, and lists the current unit number of this switch.
In this example see Figure on page , the current unit number is Unit 2. Note that this field is updated when the screen is redisplayed. This screen allows you to designate a single switch port as a traffic monitor for up to two specified ports or addresses. To refresh the screen, press [Ctrl]-R to return to the previous menu. If an entry is inactive for a period of time that exceeds the specified aging time, the address is removed. Page Mac Address-Based Security You can specify a list of up to MAC addresses within a single standalone switch or within one or more units in a single stacked configuration that are authorized to access the switch or stack.
You can also specify the ports that each MAC address is allowed to access. This screen allows you to specify the MAC addresses that are allowed to access the switch. Configuration Menu. When an intrusion event is detected see MAC Address Security field description the specified port is set to Disabled partitioned from other switch ports.
Mac Address Security Port Configuration Screen Fields The values that you set in the Switch row will affect all switch ports and, when the switch is part of a stack, the values that you set in the Stack row will affect all ports in the entire stack.
In a stack configuration, ALL indicates all of the stack ports; in a standalone switch, ALL indicates all of the switch ports. You must also include the MAC addresses of any routers and switches that are connected to any secure ports. Determining whether a connected device is operating at 10 Mbps or Mbps, and automatically adjusting to the Page 3 Plus, the stack can be managed as a single entity with one IP address.
Order Number Description All other trademarks are the property of their owners. Information in this document is subject to change without notice. Nortel Networks assumes no responsibility for any errors that may appear in this document. Print page 1 Print document 8 pages. Rename the bookmark. Delete bookmark? Cancel Delete. Delete from my manuals? Sign In OR. Don't have an account? Sign up! Restore password.
0コメント