Switch User Manual
5
IGMP snooping
The BayStack 460 Switch features IP
Multicast support by examining (‘snoop-
ing’) all Internet Group Multicast Protocol
(IGMP) traffic in hardware at line rate, and
filtering out (dropping) unwanted IGMP
packets such as PING from disrupting
network or end-station performance.
Multiple spanning tree
protocol groups
The BayStack 460 Switch supports
multiple spanning tree groups (STGs). It
supports a maximum of eight STGs, either
all in one standalone switch or across a
stack consisting solely of BayStack 460
Switches. Multiple STGs provide multiple
data paths, which can be used for load
balancing and redundancy.
Nortel Networks Command
Line Interface (NNCLI)
The NNCLI is used to automate general
management and configuration of BayStack
460 Switches. The NNCLI is used through
a TELNET session or through the serial
port on the console.
ASCII configuration file
The BayStack 460 Switch can download a
user-editable ASCII configuration file from
a Trivial File Transfer Protocol (TFTP)
server. The ASCII configuration file can
be loaded automatically at boot time or on
demand using the management systems
(console menus or CLI). Once down-
loaded, the configuration file automatically
configures the switch or stack according to
the NNCLI commands in the file. This
feature allows the flexibility of creating
command configuration files that can be
used on several switches or stacks with
minor modifications.
Spanning Tree Protocol
Built-in support for Spanning Tree Protocol
(IEEE 802.1D) detects and eliminates
logical loops in the network. When multi-
ple paths exist, the switch will automatically
place some ports on standby to form a
network with the most efficient traffic
pathways, avoiding the continual looping
of frames.
Port mirroring
The port mirroring feature (sometimes
referred to as ‘conversation steering’) allows
the network administrator to designate a
single switch port as a traffic monitor for a
specified port. Port mirroring copies
packets flowing into a specified port and
sends the replicated data to the mirrored
port for in-depth analysis of switched traffic
patterns to troubleshoot problems and opti-
mize network configurations. Additionally,
an external probe device can be attached to
the designated monitor port.
Advanced management
features
BootP and TFTP support allows centralized
switch IP address assignment, software
upgrades, and SNMP agent updates over
the network. The RADIUS-based security
feature uses the RADIUS (Remote
Authentication Dial-In User Services)
protocol to authenticate local console
and TELNET logins.
LED indicators
The LED indicators on the front panel
make it easy to monitor the switch and port
status and help in isolating and diagnosing
switch problems.
Enhanced security
The BayStack 460 Switch offers the highest
level of security with features including
Secure Shell (SSH) version 2, IEEE 802.1x
based security [also known as Extensible
Authentication Protocol (EAP)] assignment
of proper VLAN and priority, Simple
Network Management Protocol (SNMPv3),
MAC-address based security, and RADIUS
authentication.
SSHv2 supports strong authentication and
encrypted communications. It allows you to
log into the switch from an SSH client and
perform a secure TELNET session using
CLI commands. This feature is ideal for
security conscious customers such as federal
governments.
For added security, BayStack 460 Switch
supports the 802.1x-based security feature,
(EAP). Based on the IEEE 802.1x standard,
EAP limits access to the network based on
user credentials. A user is required to
“login” to the network using a username/
password; the user database is maintained
on the authentication server (not the
switch). EAP prevents network connectivity
without password authorization for added
security and control in physically non-
secure areas. It is used where the network is
not 100 percent physically secure or where
physical security needs enhancement, for
example, banks, trading rooms, or class-
room training facilities. EAP supports client
access to the network and interoperates
with Microsoft
™
Windows XP and other
compliant 802.1x clients.
SNMPv3 provides user authentication and
data encryption for higher security. It also
offers secure configuration and monitoring.