8
Advanced management features
BootP and TFTP support allows centralized switch IP address assignment, software
upgrades, and SNMP agent updates over the network. The RADIUS-based security
feature uses the RADIUS (Remote Authentication Dial-In User Services) protocol to
authenticate local console and TELNET logins.
LED indicators
The LED indicators on the front panel
make it easy to monitor the switch and
port status and help in isolating and diag-
nosing switch problems.
Enhanced security
The BayStack 460 Switch offers the highest
level of security with features including
Secure Shell (SSH) version 2, IEEE 802.1x
based security (also known as Extensible
Authentication Protocol (EAP), assign-
ment of proper VLAN and priority,
Simple Network Management Protocol
(SNMPv3), MAC-address based security,
and RADIUS authentication.
SSHv2 supports strong authentication and
encrypted communications. It allows you
to log into the switch from an SSH client
and perform a secure TELNET session
using CLI commands. This feature is ideal
for security-conscious customers such as
federal governments.
For added security, BayStack 460 Switch supports the 802.1x-based security feature, EAP.
Based on the IEEE 802.1x standard, EAP limits access to the network based on user
credentials. A user is required to “login” to the network using a username/password; the
user database is maintained on the authentication server (not the switch). EAP prevents
network connectivity without password authorization for added security and control in
physically non-secure areas. It is used where the network is not 100 percent physically
secure or where physical security needs enhancement; for example, banks, trading rooms,
or classroom training facilities. EAP supports client access to the network and interoper-
ates with Microsoft Windows XP and other compliant 802.1x clients.
SNMPv3 provides user authentication and data encryption for higher security. It also
offers secure configuration and monitoring.
IP Manager List limits access to the management features of the BayStack 460 Switch by a
defined list of IP addresses or IP address ranges/subnets, providing greater network secu-
rity and manageability.
BaySecure MAC-address based security allows authentication of all access, not only to the
switches for management and configurations, but also access to the infrastructure through
these switches. This software feature limits access to only network-authorized and trusted
personnel, including full tracking of network connections. With BaySecure, network access is
granted or denied via proper MAC-address identification (up to a maximum of 448).
Figure 6. Large enterprise solution
Passport 8600
BayStack 460 Stack
Succession
1000
CallPilot 2.0
Desktop
users
WLAN
Access Point
2220
i2004
Standard LAN
Power over Ethernet
Servers
Analog
Phones
Succession* Media
Gateway
Power
10/100
Mbps
Distributed Multi-Link Trunking
Net
camera
