Release Notes
Table Of Contents
- Release Notes for the Business Policy Switch 2000 Software Version 1.1
- Introduction
- Related publications
- New features and enhancements
- Compatibility with BayStack 450 Switch software version4.0
- QoS traffic policing
- EAPOL-based security
- Introduction
- EAPOL-based security example
- Overview and terms
- EAPOL dynamic VLAN assignment
- Setting up the Authentication server
- Authentication process
- System requirements
- EAPOL-based security configuration rules
- RADIUS-based network security
- Configuring EAPOL using CI menus
- Configuring EAPOL using JDM
- Configuring EAPOL using the Web-based management system
- Support for the GBIC MDA
- Automatic PVID
- Tabular port statistics
- Ability to ping
- Improved STP Fast Learning Mode
- BootP menu item for a stack of only BPS 2000 switches
- Additional Web-based management operation
- Resolved issues
- Known issues
- Known limitations
23
Release Notes for the Business Policy Switch 2000: Software Version 1.1
EAPOL-based security configuration rules
The following configuration rules apply to your BPS 2000 when using
EAPOL-based security:
• Before configuring your switch, you must configure the Primary RADIUS
Server and Shared Secret fields.
• You cannot configure EAPOL-based security on ports that are currently
configured for:
— Shared segments
— MultiLink Trunking
— MAC address-based security
— IGMP (Static Router Ports)
— Port mirroring
• You can connect only a single client on each port that is configured for
EAPOL-based security. (If you attempt to add additional ports to a port, that
port goes to Blocking mode.)
RADIUS-based network security
The Remote Authentication Dial-In User Services (RADIUS)-based security
feature allows you to set up network access control, using the RADIUS security
protocol.
The feature uses the RADIUS protocol to authenticate local console, Telnet, and
EAPOL-authorized logins.
You must set up specific user accounts (user names and passwords, and
Service-Type attributes) on your RADIUS server before the authentication
process can be initiated.
To provide each user with appropriate levels of access to the switch, set the
following username attributes on your RADIUS server:
• Read-write access—Set the Service-Type field value to Administrative.
• Read-only access—Set the Service-Type field value to NAS-Prompt.
For detailed instructions about setting up your RADIUS server, refer to your
RADIUS server documentation.